Skip to content

fpush-apns: add APNs token-based authentication (p8)#42

Open
infobug wants to merge 1 commit into
monal-im:masterfrom
infobug:feature/apns-token-auth
Open

fpush-apns: add APNs token-based authentication (p8)#42
infobug wants to merge 1 commit into
monal-im:masterfrom
infobug:feature/apns-token-auth

Conversation

@infobug
Copy link
Copy Markdown

@infobug infobug commented Apr 25, 2026
edited
Loading

Summary

  • Adds support for token-based APNs authentication (p8 keys) as an alternative to certificate-based auth (p12)
  • Token-based auth uses a .p8 key file that never expires, eliminating annual certificate renewal
  • Fully backward compatible — existing p12 configs continue to work without any changes

Configuration

Either auth method can be used by providing the appropriate fields:

Certificate-based (existing, unchanged):

"apns": {
  "certFilePath": "/path/to/cert.p12",
  "certPassword": "password",
  "topic": "com.example.app",
  "environment": "production"
}

Token-based (new):

"apns": {
  "keyPath": "/path/to/AuthKey_XXXXXXXXXX.p8",
  "keyId": "XXXXXXXXXX",
  "teamId": "XXXXXXXXXX",
  "topic": "com.example.app",
  "environment": "production"
}

Implementation

  • config.rs: Made certFilePath/certPassword optional, added keyPath/keyId/teamId fields, added ApnsAuth enum to express the two auth modes
  • push.rs: Added a second init path using Client::token() from the existing a2 crate (which already supports token auth), with clear error messaging if neither auth method is configured

Test plan

  • Verify existing p12 config still works unchanged
  • Verify p8 config successfully authenticates with APNs and delivers notifications
  • Verify startup error is shown if neither cert nor token fields are provided

@infobug
fpush-apns: add APNs token-based authentication (p8)
2a119da 
Add support for token-based APNs authentication as an alternative to
certificate-based (p12) auth. Token-based auth uses a .p8 key file
that never expires, eliminating the need for annual certificate renewal.

Config now accepts either:
- certFilePath + certPassword (existing p12 flow, unchanged)
- keyPath + keyId + teamId (new p8 token flow)

Both auth methods are fully supported and backward compatible.
Existing p12 configs continue to work without modification.
@infobug infobug force-pushed the feature/apns-token-auth branch from 5b2f29b to 2a119da Compare April 25, 2026 03:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@infobug