Conversation
Notices
-
Embed this notice
feld (feld@friedcheese.us)'s status on Friday, 04-Oct-2024 07:30:10 JST feld @grishka @dansup
> If you instruct app developers to create separate API keys just for push notifications, no harm could be done with them
Is this allowed? And does Apple/Google allow you to share your keys like that?-
Embed this notice
dansup (dansup@mastodon.social)'s status on Friday, 04-Oct-2024 07:43:55 JST dansup @feld @grishka What are you talking about?
This is literally how every Mastodon/Pleroma app works, the developer uses a proxy server to forward requests from Mastodon/Pleroma/Pixelfed to APNS/FCM.
The API keys are for signed requests to my proxy server
-
Embed this notice
dansup (dansup@mastodon.social)'s status on Friday, 04-Oct-2024 07:56:42 JST dansup @feld @grishka I want to further clarify that the ExpoToken that the app generates and sends to the server is useless unless you have our expo API key, so you can't abuse access to FCM or APNS
-
Embed this notice
feld (feld@friedcheese.us)'s status on Friday, 04-Oct-2024 08:06:26 JST feld @dansup @grishka I mean if I pull up the source of Husky or whatever on GitHub the key will be in there? I thought it was only in the officially built and distributed app
-
Embed this notice