I'm building a little android app that will connect to a server.
My app would use a simple post to send a message to my server, and I'm using Google Cloud Messaging for the server to send a message to my app.
I built a registration page, an email confirmation and a connection page but now I wonder how to lock the communication between the server and the app.
This is the protocol I have in mind ( let's take the simple exemple of app to app message) :
App send post infos to the server with self infos (like name and auth_token), destination user and the message
Server search the apps which belong to the destination user and use curl to forward the message to GCM
GCM send the message to the destination apps
How can the server be sure that the name, auth_token etc the server receive are really from the sender ?
Let the server generate the authentication token when the client is doing the registration and send this back to the client. The server now knows the [client - token] mapping.
Every time the client wants to send a message, it also sends the authentication token which the server can look up and check. The client does not even have to send his or her name, the server should know this.
To prevent MITM attacks, use a secure connection (HTTPS).
Although there are lots of solutions to secure the connection, when you are using GCM for your downsteam messages, I recommend using the new Google Cloud Messaging API which supports Upstream Messaging (from client to server).
It is very fast, reliable and secure.
Here you can find the docs
You should only change your server side from HTTP to XMPP.
Here you can find the docs.
Related
I am completely new to push notifications, FCM and Ionic.
I have followed this tutorial to create a push notification using Ionic 2 and it works.
It feels like there is no use of device-id (generated at the client side) at the server side in this ionic doc.
I am unable to understand how to send different push notifications to different users using the same app and same server code?
Also whats the purpose of FCM (Server key and Sender ID) here?
What's the exact workflow, does it works like a web-socket?
Thanks for the guidance :)
1. It feels like there is no use of device-id (generated at the client side) at the server side in this ionic doc.
The device-id (aka the Registration Token) is the identifier for the specific device you intend to send the push notification to. Saving this value in your App Server is important so that you can send push notifications specifically towards it (should you decide/need to) later on.
2. I am unable to understand how to send different push notifications to different users using the same app and same server code?
As mentioned above, this is where the device-id (Registration Token) comes into play. For each device, there is a corresponding unique id, which you'll have to specify in your payload.
3. Also whats the purpose of FCM (Server key and Sender ID) here?
You can refer to the FCM docs for these:
Server Key - A server key that authorizes your app server for access to Google services, including sending messages via Firebase Cloud Messaging. You obtain the server key when you create your Firebase project. You can view it in the Cloud Messaging tab of the Firebase console Settings pane.
Important: Do not include the server key anywhere in your client code. Also, make sure to use only server keys to authorize your app server. Android, iOS, and browser keys are rejected by FCM.
Sender ID - A unique numerical value created when you create your Firebase project, available in the Cloud Messaging tab of the Firebase console Settings pane. The sender ID is used to identify each app server that can send messages to the client app.
To keep it short, Server Key is for authenticating, Sender ID is for identifying from which project the message is coming from.
4. What's the exact workflow, does it works like a web-socket?
Not really. Having a web-socket means that having the connection always active until decided to be closed, where in FCM (or even before, GCM), the lifecycle is like this:
Lifecycle Flow
Send and receive downstream messages.
Send a message. The app server sends messages to the client app:
The app server sends a message to GCM connection servers.
The GCM connection server enqueues and stores the message if the device is offline.
When the device is online, the GCM connection server sends the message to the device.
On the device, the client app receives the message according to the platform-specific implementation. See your platform-specific documentation for details.
Receive a message. A client app receives a message from a GCM connection server.
Send and receive upstream messages. This feature is only available if you're using the XMPP connection server.
Send a message. A client app sends messages to the app server:
On the device, the client app sends messages to the XMPP connection server. See your platform-specific documentation for details on how a client app can send a message via XMPP.
The XMPP connection server enqueues and stores the message if the server is disconnected.
When the app server is re-connected, the XMPP connection server sends the message to the app server.
Receive a message. An app server receives a message from the XMPP connection server and then does the following:
Parses the message header to verify client app sender information.
Sends "ack" to the XMPP connection server to acknowledge receiving the message.
Optionally parses the message payload, as defined by the client app.
I am unable to understand how to send different push notifications to different users using the same app and same server code?
It's your task. Your message must contain all neccessary data (i.e. userId) so your app knows which of the users are target for that message.
I am trying to make a simple messaging app that has a mysql and php server with an android app. My back end revolves around mysql to store and php to communicate from the database to the device and vise versa.
Now, what I am trying to accomplish is this: sending device->GCM->target device.
What I had in mind was that the database I created stores the gcm Id for all user. That way, when a user wants to send a message, their app sends a message to my database to be stored and retrieves the targets gcm Id and then sends the targets gcm id to the gcm servers to create the push notificiation. When the target receives the gcm message, it sends a response to the database to receive the actual sent message.
Is this possible, and how would I go about doing this?
I already have a gcm receiver implemented from here:
https://github.com/codepath/android_guides/wiki/Google-Cloud-Messaging
No. Don't do it.
For any internet connected device (server or mobile) to request a push to a device, it needs to send a POST request to the GCM address (https://gcm-http.googleapis.com/gcm/send) passing the server API key and the device GCM reg id which should receive the message. And having any of those values available on a device is a security risk for your application.
Having your registration ID, means ppl could easily "copy" your ID and start sending messages from their servers on your behalf.
The GCM device registraion ID, means anyone could start spaming your users, and you certainly don't want that.
You could look into GCM Upstream (https://developers.google.com/cloud-messaging/upstream) but that only means your client code will be easier, as it's as simple as calling gcm.send(String);, but you still have to handle that on your server application.
The correct way is to have on your server a table that maps userId with gcmRegId and have devices send to your server messages to their desired userId. Your server should process one device "send" message and create a push to the other device. That logic should be fairly simple on the server side, after you already have a whole chat application developed.
I am trying to understand the concept of gcm upstream messaging.
Well what I came to know till now after browsing for hours is this :
1)My client app sends upstream message to gcm server.2)GCM server then sends it to my 3rd party app server.3rd party app server responds to it my sending ACK to GCM server.3)Then GCM server echoes the message to the recipient device(recipient Id is included in the upstream message sent from the app).
I don't if its what actually happens.
Now that I am sure that in some step GCM server sends mesaage to my server, how actually GCM server
sends message to my app server. How does it come to know about my app server as there is nowhere where we put my server's address
I have searched the whole Internet but couldn't find anything about this.I have gone through several SO questions but I couldnot find my answer.
I want to know the entire series of steps what happens during this entire process. I am very confused.I want to know the entire concept and what's going on behind all this.
Any detailed explanation with all steps will be appreciated.
To inform I have read the Google docs.
You have much of the flow correct but I think another read of the Docs will clear things up.
Your application server must act as an XMPP client, and connect to CCS (GCM's XMPP server). Your server connecting to CCS is how GCM knows the "address" of your server.
Cleaning up the flow you suggested:
Your app server connects to GCM's CCS.
Your client app (android app) gets a registration token.
Your client app (android app) sends that token to your app server.
Your client app send upstream message to GCM.
GCM fwds that message to your application server.
Your application server send Ack to CCS.
Your application server handles the received message.
Note the above flow is a possible one, there are many others, also downstream messages are not part of the flow. Again refer to the docs for more details.
I want to know which protocol is used to send push notification to android devices and which to send push notification requests to GCM.
Whether it is HTTP, HTTPS or some thing else?
The protocols of the communication between the 3rd party server and GCM server (HTTP or XMPP) were already mentioned in the other answers.
The protocol of the communication between the device and GCM server is not discussed in the GCM documentation, since you never have to access it directly as an Android application developer, and therefore you don't need to know about it.
However, here's a quote from a Google developer from the team that created GCM, which says a few things about the connection. From what he says, you can only know that it's a long-lived TCP connection.
GCM maintains a long-lived connection - and reconnects if it knows the
connection was broken. A router/AP/NAT is supposed to send a FIN or
RST to terminate the TCP connection - so GCM and servers will know the
connection is dead.
However a number of routers and mobile operators don't do this, and
then GCM needs to rely on the heartbeat, ~15 min on Wifi, more on
mobile.
(The quote is taken from an answer by that person)
There are two protocols http and xmpp which you can use to send message to GCM server.
Now its up to you what you want to use. If you want to broadcast message then u should go with http.
you can broadcast 1000 message in a single http request. And only one message through xmpp in a request...
Http can be used only for down streaming(3rd party app server -gcm-mob device)
But gcm won't support up streaming using http.
for that you should use xmpp.Xmpp can be used for both up streamlining and down streaming.
Implementaction of push notification can be very easy if you are going with http and that much more hard if you are going with xmpp.but Google has provided detail tutorial how to implement xmpp.
So please have a look On Google developer site.
Looking at #user3523641's answer and further conversation, I'll try to explain further:
The way of delivering messages is based on the protocol that you've chosen, either HTTP or XMPP (i.e., it's the same). The magic and basic way of working is leaving a socket opened between the GCM server and the user's device.
This way, when an user should receive a message, this opened socket will be used and send the message through itself. This also helps the GCM server knowing which devices are connected or not. So this way, if your third party server says a message should be sent to a user and the GCM server knows the user is not connected, it won't send it at that time, but will try once the connection is again established, so it won't waste connection attempts in vain. The default timeout is 4 weeks, however, it can be changed.
As per the official GCM documentation:
If the device is not connected to GCM, the message will be stored until a connection is established (again respecting the collapse key rules). When a connection is established, GCM will deliver all pending messages to the device, regardless of the delay_while_idle flag. If the device never gets connected again (for instance, if it was factory reset), the message will eventually time out and be discarded from GCM storage. The default timeout is 4 weeks, unless the time_to_live flag is set.
Finally, when GCM attempts to deliver a message to the device and the application was uninstalled, GCM will discard that message right away and invalidate the registration ID. Future attempts to send a message to that device will get a NotRegistered error. See How Unregistration Works for more information.
You can find more info here.
It uses both HTTP and XMPP
When the message is processed successfully, the HTTP response has a 200 status and the body contains more information about the status of the message (including possible errors). When the request is rejected, the HTTP response contains a non-200 status code (such as 400, 401, or 503).
iOS however, requires a dedicated TCP connection on a proprietary port, and GAE environment doesn't allow any external protocol except HTTP over port 80.
The message size limit is 1024 bytes.
Google limits the number of messages a sender sends in aggregate, and the number of messages a sender sends to a specific device
This is how these components interact:
Google-provided GCM Connection Servers take messages from a 3rd-party application server and send these messages to a GCM-enabled Android application (the "client app") running on a device. Currently Google provides connection servers for HTTP and XMPP.
The 3rd-Party Application Server is a component that you implement to work with your chosen GCM connection server(s). App servers send messages to a GCM connection server; the connection server enqueues and stores the message, and then sends it to the device when the device is online. For more information, see Implementing GCM Server.
The Client App is a GCM-enabled Android application running on a device. To receive GCM messages, this app must register with GCM and get a registration ID. If you are using the XMPP (CCS) connection server, the client app can send "upstream" messages back to the connection server. For more information on how to implement the client app, see Implementing GCM Client.
Check out this for more details -->
Google Cloud Messaging for Android (GCM)
Android Cloud to Device Messaging Framework
Cloud Messaging
Cloud to Device Messaging
I would like to use GCM (Google Cloud Messaging) and was wondering if it was possible to set it up on Windows Server (IIS) instead?
Currently my web services are all hosted on Windows Servers as WCF services. I'd like to avoid having to have a dedicated server for GCM.
Instead of what? Any server connected to the internet can be used as a sender of GCM messages. Your Android application has to be able to connect your server in order to pass the device Registration ID to it. And your server has to be able to send POST requests to https://android.googleapis.com/gcm/send in order to send the messages.
Or as stated in the GCM Documentation :
Before you can write client Android applications that use the GCM
feature, you must have an application server that meets the following
criteria:
Able to communicate with your client.
Able to fire off HTTPS requests to the GCM server.
Able to handle requests and resend them as needed, using exponential back-off.
Able to store the API key and client registration IDs. The API key is included in the header of POST requests that send messages.