IBM Verify

IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  IBM Verify Push Token

    Posted Tue March 05, 2019 09:56 AM
    Hello,

    I am currently building a custom version of the IBM Verify App using the Verify SDK and found an issue I can't seem to resolve using the documentation available. 
    When registering an account using the IBM Verify App its posting following data to the server: 

    {
    "attributes": {
        "accountName": "email@example.com",
        "applicationId": "com.ibm.security.verifyapp",
        "applicationVersion": "2.1.0 (5)",
        "deviceId": "xxxxxxxxxxx",
        "deviceName": "xxxxxxx",
        "deviceType": "iPhone",
        "faceSupport": false,
        "fingerprintSupport": true,
        "frontCameraSupport": true,
        "osVersion": "12.1.2",
        "platformType": "IOS",
        "pushToken": "vwx88YTgk22xxxxx:xxxxcpi2",
        "verifySdkVersion": "2.0.2 (1)"
    },
    "code": "xxxxxxxxxx"
}
    The part in Question is the "pushToken". Firstly, it's weird that a push token is send at all, since I declined push Notification in this example. Secondly, it does not match the format for an Apple / iOS push token. 

    I can't find anything regarding how to "get" / generate this token in the documentation, so I hoped someone here has some insight.

    Thanks in advance.

    ------------------------------
    Levin Faber
    ------------------------------


  • 2.  RE: IBM Verify Push Token

    Posted Wed March 06, 2019 05:15 AM
    Hi Levin.
    I've passed on to our Verify development team so that can guide you around the docs.

    ------------------------------
    Scott Andrews
    ------------------------------

    Original Message


  • 3.  RE: IBM Verify Push Token

    Posted Wed March 06, 2019 07:57 PM
    Hi Levin,

    a little bit of background first: we use IBM Watson Campaign Automation (IBM WCA - https://www.ibm.com/support/knowledgecenter/SSMRK7_3.0.0/AppPush/kc_welcome_apppush.html) to handle the push notifications in IBM Verify. That basically works for us as a proxy, because we want to allow customers to use IBM Verify as part of their own solutions, but without exposing our API keys.

    The process is the following:
    • the WCA SDK sends the APNS/FCM push token to the WCA server
    • IBM Verify sends the WCA token (a string combined of channelId and userId) to ISAM
    • if ISAM wants to send a push, it sends the WCA token to the WCA server
    • WCA server looks up the 'real' push token for that device and sends the push notification

    The 'pushToken' that you see in the payload is the WCA token and you can retrieve it like this (you need the WCA SDK for that):
    channelId = MCERegistrationDetails.channelId()
    userId = MCERegistrationDetails.userId()
    pushToken = userId + ":" + channelId

    If you develop your own mobile app, but don't use the WCA SDK, you need to add the token here that you get from the APNS/FCM service.

    Why is that token send, even if you disabled push notifications? It links your device with the WCA service. The APNS/FCM push token and its updates is handled by the WCA SDK and if you disabled it, they won't get one.

    ------------------------------
    Carsten Hagemann
    IBM
    ------------------------------

    Original Message


Related Content