Post

Replies

Boosts

Views

Activity

Comment on Which key to use to validate the Server-Side Notifications v2 JWTs?
Thanks - that's helpful. I can see the G6 certificate that I think issued the one in the JWT (still working on that...). But I'm still pretty unclear about what I'm expected to do with this. I'm guessing I won't always get a JWT signed by G6. There were some PDFs linked from that page, but they all read like T&C's, and I'm not convinced that I am the target audience for them. I'm surprised that there doesn't seem to be anywhere that Apple spells out what it expects you to do to validate the token. The more complicated and ambiguous it is, the more chance that laods of insecure implementations are going to crop up across the cloud which can't be good for anyone.
Nov ’21