Local Push Connectivity - Configuring the SimplePush sample - missing entitlements

Question

Created Oct ’21

Replies 7

Boosts 0

Views 2.1k

Participants 4

We are currently trying to evaluate Local Push Notifications by getting the Receiving Voice and Text Communications on a Local Network project up and running, so far without luck.

The Problem

We cannot get the "app-push-provider" entitlement to appear in our provisioning profile.

What we've tried

We applied for the Network Extension App Push Entitlement and got a reply 3 days ago saying that we had been approved but that the changes might not be visible in our account for a few days.

Since then we have:

downloaded the sample project
selected "Automatically manage signing" and selected our team on the various projects in the Simple Push workspace
created a new app group and used that

Doing so results in Xcode spinning with "Creating provisioning profile..." and "Waiting to repair..." before keeling over with this warning:

Provisioning profile "iOS Team Provisioning Profile: xxxx" doesn't match the entitlements file's value for the com.apple.developer.networking.networkextension entitlement.

OK fine, next we:

created a manual App ID and enabled the "App Groups" and the "Network Extensions" capabilities
created a development Provisioning Profile using the above App ID
downloaded and used that Provisioning Profile instead but with the same result

Provisioning profile "yyyy" doesn't match the entitlements file's value for the com.apple.developer.networking.networkextension entitlement.

If we look at the generated provisioning profile we can see that the values under com.apple.developer.networking.networkextension does not contain the "app-push-provider" value so...we understand why this doesn't work at least :)

Re-re-reading the README of the sample project we notice this:

After you register the IDs, create two provisioning profiles (one for each identifier) that include the App Push Provider entitlement.

But we cannot find any steps or checkboxes that allows us to do anything out of the ordinary when generating a provisioning profile.

Questions

Well first and foremost, are we doing anything wrong, or has the changes simply just not propagated through yet?
Is there any visible way for us to see that we have access to the "App Push" entitlement?

Concerns

(or: questions that keeps you awake at night when this isn't just working as expected :))

Have we given you wrong information when asking for the permission? In the form we filled out an Apple ID based on an app created in App Store Connect. That app matches a bundleID we've created and that we use when creating an App ID and provisioning profile.
Do we need to use something else than a developer Provisioning Profile
Currently we've used a user with Admin rights to generate these profiles. As the request for this entitlement needed to be created by the Account Owner...does that mean that it has to be the Account Owner who generates the App ID and profiles?

Thank you for reading this. Any help is highly appreciated.

Answered by Systems Engineer in 691138022

selected "Automatically manage signing" and selected our team on the various projects in the Simple Push workspace Provisioning profile "iOS Team Provisioning Profile: xxxx" doesn't match the entitlements file's value for the com.apple.developer.networking.networkextension entitlement.

Let me tell you how I configured a test bed project I created for NEAppPushProvider. Possibly this will give you some insight on how to resolve your issue:

Go to the Developer Portal and create two new explicit bundle identifiers for your host app and Network Extension targets. Make sure the Network Extension capabilities are enabled. Note that the Network Extension target's bundle id must contain the host app's bundle identifier prefix.
Create two new provisioning profiles for each of these new bundle identifiers that you just created. During the profile creation process there should be a step called "Additional Entitlements." Make sure to add the Push Provider Entitlement to each of your profiles.
Download your provisioning profiles.
Go to Xcode and create a new project and set the explicit bundle identifier that you created from the Developer Portal for your host app and Network Extension target. (Note that you may need to create a dummy NEAppProxyProvider target and then copy the shell for NEAppPushProvider over into this provider to get the Network Extension target configured correctly.)
Select manual signing for each target in Xcode and import the new provisioning profiles you created.
Make sure that both your local entitlement files for each target in Xcode contain the key for:

<key>com.apple.developer.networking.networkextension</key>
<array>
	<string>app-push-provider</string>
</array>

Try this out. If this does not work then I would recommend opening a TSI for more help.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Boost

Answer 1

Systems Engineer OP

Apple

Oct ’21

Accepted Answer

selected "Automatically manage signing" and selected our team on the various projects in the Simple Push workspace Provisioning profile "iOS Team Provisioning Profile: xxxx" doesn't match the entitlements file's value for the com.apple.developer.networking.networkextension entitlement.

Let me tell you how I configured a test bed project I created for NEAppPushProvider. Possibly this will give you some insight on how to resolve your issue:

Go to the Developer Portal and create two new explicit bundle identifiers for your host app and Network Extension targets. Make sure the Network Extension capabilities are enabled. Note that the Network Extension target's bundle id must contain the host app's bundle identifier prefix.
Create two new provisioning profiles for each of these new bundle identifiers that you just created. During the profile creation process there should be a step called "Additional Entitlements." Make sure to add the Push Provider Entitlement to each of your profiles.
Download your provisioning profiles.
Go to Xcode and create a new project and set the explicit bundle identifier that you created from the Developer Portal for your host app and Network Extension target. (Note that you may need to create a dummy NEAppProxyProvider target and then copy the shell for NEAppPushProvider over into this provider to get the Network Extension target configured correctly.)
Select manual signing for each target in Xcode and import the new provisioning profiles you created.
Make sure that both your local entitlement files for each target in Xcode contain the key for:

<key>com.apple.developer.networking.networkextension</key>
<array>
	<string>app-push-provider</string>
</array>

Try this out. If this does not work then I would recommend opening a TSI for more help.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

1

Answer 2

peter_bodskov OP

Oct ’21

TL;DR; It works!

The interesting part was this from your answer:

Create two new provisioning profiles for each of these new bundle identifiers that you just created. During the profile creation process there should be a step called "Additional Entitlements." Make sure to add the Push Provider Entitlement to each of your profiles.

I promise you, we've tried several times over these past days to generate a manual provisioning profile but the "Additional Entitlements" step never did show up...until this time where we were able to select the entitlement and see it appear in our provisioning profile. It must have been because the entitlement was not yet provisioned when we last tried generating a manual provisioning profile.

Thank you so much for your detailed walkthrough. We are now able to get the test project up and running on servers and devices and can start kicking the tires on this thing :)

0

Answer 3

Systems Engineer OP

Apple

Oct ’21

Thank you so much for your detailed walkthrough. We are now able to get the test project up and running on servers and devices and can start kicking the tires on this thing :)

No problem, I am glad you got it up and running!

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

0

Answer 4

oliverpahl-mitel OP

Feb ’23

Sorry to resurrect this Thread, but we have exactly the same problem, and for us the "Additional Entitlements" step never shows up regardless of what we do. We are following the steps in your post to the letter, but it's still not showing up. I hope you can help. Thanks!

0

Answer 5

DTS Engineer OP

Apple

Feb ’23

for us the Additional Entitlements step never shows up regardless of what we do.

Have you applied for, and been granted, access to this capability? See the Important box on this page.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

1

Answer 6

oliverpahl-mitel OP

Feb ’23

Thank you very much for the answer! No, I did not gleam that from the conversation in this thread. Sorry for that. I thought that step is only needed if we are to publish the Application with said entitlement to the Store. The current state is, that we only want to do a PoC with a new Application ID to demonstrate to internal R&D how it would work and then productize it into the App that's currently in the store (for which we then would fill out the form). Is there another way to get the entitlement for development certificates for that purpose or do we need to tie it to the in-store application ID from the start? Thanks again!

0

Answer 7

DTS Engineer OP

Apple

Feb ’23

Is there another way to get the entitlement for development certificates for that purpose or do we need to tie it to the in-store application ID from the start?

App IDs and certificates are different things. Apple’s infrastructure supports granting entitlements for specific App IDs and for specific distribution methods. I don’t know whether the folks who approve access to app-push-provider take advantage of that. Still, if you only want it for a proof-of-concept, you can certainly make that clear when you apply.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0