Invalid token when using Apple Push Notifications (APN) for Passbook

Asked 17/2, 2013 at 19:51 Answered 29/5, 2020 at 0:32

Solved ios push-notification apple-push-notifications passbook

I am trying to create a server-side implementation for passbook APN, but the server does not like the push token that the device is giving me. If I send the token to Apple's sandbox server, it sends me an "invalid token" response. If I send the token to Apple's production server, it returns the token in the feedback service as one that I should remove from my list. At least I know that the APN certificates and connection to the server work fine.

My iPhone 4s has been enabled for development. The APP ID is enabled for both development and production and the device is enabled in the provisioning profiles. I have verified that the 32 byte binary token data is correct with respect to the string token that is sent from the device.

One question that I have is, how does passbook in the device determine which token to use (development vs production)? I would prefer to be using the sandbox environment right now, but I'm not sure how to "select" it.

I have seen similar topics for this but none seem to have the answer for this issue. It is really frustrating as I feel that I'm so close to making this work! Thanks in advance for any advice!

Upward answered 17/2, 2013 at 19:51 Comment(0)

If you are using a pruduction certificate to connect to the APN production server, you must use a production token.

The fact that you get "invalid token" when sending the notification to the sandbox server means you are using a production token, which works only with the production server.

The fact that sending the token to the production server returns the token in the feedback service means that the application that matches the certificate (which your server is using to send the notification) is either uninstalled from the device or has push notifications disabled. Perhaps you are using a wrong certificate (perhaps a certificate that belong to a different App that was uninstalled from the device).

Bathyscaphe answered 17/2, 2013 at 20:28 Comment(5)

Thanks for your feedback! The only certificate in the provisioning portal is a development certificate according to Certificates->History. – Upward 17/2, 2013 at 20:49

The APP ID has both dev and prod certificates enabled for APN and those are the ones that I use to connect to Apple's servers based on which server I'm connecting to. I have the passbook application installed on the phone (can't uninstall it) and notifications are enabled in the notification settings. I've rebooted the phone as well and uninstalled the pass and reinstalled it many times with the same results. Thanks. – Upward 17/2, 2013 at 20:54

Well, the passbook programming guide says : "You use the same certificate and private key for sending push notifications as for signing passes." This implies you shouldn't use the regular push notification certificates of your App for Passbook notifications. – Bathyscaphe 17/2, 2013 at 21:18

It works! Thank a bunch!!! I didn't notice that line in the guide because it is not in the "Local and Push Notification Programming Guide" that I was using. I am now using the same Pass Type ID cert to sign the pass and connect to the APN server. I'm still not sure how to get the device to use a token for use with the development server, but I guess that I don't need to now that it is working. Thanks again! – Upward 17/2, 2013 at 22:43

You're welcome. I've read somewhere that you can't send Passbook push notifications through the sandbox server, but I didn't see it mentioned in the Guide. – Bathyscaphe 17/2, 2013 at 23:19

For Passbook pushes, you need to be connecting to the production server with the Pass Type ID certificate, not the App certificate.

All Passbook pushes go through the production server, there is no way to use the sandbox.

Also, the push payload should be empty for a Passbook push. Anything you do send will be ignored.

Compression answered 18/2, 2013 at 0:8 Comment(0)

Found the root cause for this issue, it is because of bad private key. To resolve this issue just generate a .p12 certificate with .pem . For creating the p12 file with .pem file please follow the below method

Zoochemistry answered 11/4, 2016 at 11:10 Comment(0)

Rewriting the above statements in text format so you can copy/paste them. That did the trick for me, PushSharp 4.0.10 was returning an error about an invalid certificate, but executing these commands on the original public and private keys solve the problem:

openssl x509 -in aps.cer -inform DER -out aps.pem -outform PEM
openssl pkcs12 -nocerts -in mykey.p12 -out mykey.pem
openssl pkcs12 -export -inkey mykey.pem -in aps.pem -out iphone.p12

Medullary answered 4/10, 2016 at 22:43 Comment(0)

I stuck in a hour and I find a way to fix it: In xcode 11: project setting -> singing & Capabilities -> (+) -> background -> tick Remote notifications.

Bromic answered 29/5, 2020 at 0:32 Comment(0)

Recommended topics

Hot tags