IBM Security Verify

 View Only
Expand all | Collapse all

How to register for Google FCM push notification using Verify SDK?

  • 1.  How to register for Google FCM push notification using Verify SDK?

    Posted Wed May 24, 2023 10:15 AM

    Hi,
    I tried to ask the same question but could not locate my post any more. So repost it again. 
    ISV supports both of Apple Push Notification Service, and Google Firebase Cloud Messaging as notification services. But the IBM Security Verify application only supports the "Push for IBM Verify" as Push Provider. If we are using the IBM Verify SDK in our custom mobile app, can I use SDK to register push notification from FCM, not the IBM push provider? I cannot find any doc about it, so asking. 

    Thanks for the help in advance. 



    ------------------------------
    Regards,
    Eric
    ------------------------------


  • 2.  RE: How to register for Google FCM push notification using Verify SDK?

    Posted Sun May 28, 2023 08:20 AM

    Hi Eric,

    If you want to use the Verify SDK in our custom mobile app, you need to register your mobile app with the push services from Apple (APNS) and Google (FCM) and add the relevant information in the ISV push notification configuration dialog for "Apple" and "Firebase". The "Push for IBM Verify" configurations is used by customers who use our IBM Security Verify mobile app.

    The Verify SDK itself does not handle push notifications. It is the responsibility of your mobile app to handle incoming push notifications and to store the push token in SharedPreferences (Android) or UserDefaults (iOS), so that the Verify SDK can pick it up. 

    Pseudo code for Android:
    FirebaseMessaging.getInstance().getToken().addOnCompleteListener(task -> {
       if (task.isSuccessful()) {
          SharedPreferences.setString(RegistrationAttributes.PUSH_NOTIFICATION_IDENTIFIER.toString(), task.getResult());
       }
    });

    The push token is uploaded to the server when the app registers an authenticator (in AuthenticatorContext.sharedInstance().create(...)) and in subsequent token refresh flows.



    ------------------------------
    Carsten Hagemann
    ------------------------------



  • 3.  RE: How to register for Google FCM push notification using Verify SDK?

    Posted Mon May 29, 2023 10:31 AM

    Hi Carsten,
    thanks for the info. I got your points. So with custom mobile app using Verify SDK, it won't support "Push for IBM Verify", but only the APNS and FCM. We are using Verify SDK to register the device and enroll authenticators, with the push tokens. After enrollment, ISAM AAC can push notification to the device. 
    For AAC to send the push notification, I can see it is using the out of box mechanism "MMFA Authenticator" with mode "Initiate". Is there another way to send push notification from AAC, like calling an API from a custom infomap? I am looking for a way to delivery the push notification through a third party services, instead of using the "Push Notification Providers" configured in AAC. The third party services will send the notification via FCM on behalf of AAC. And the MMFA transactions should still be created in AAC, so that we can verify the transaction using Verify SDK. Is it possible?



    ------------------------------
    Regards,
    Eric
    ------------------------------



  • 4.  RE: How to register for Google FCM push notification using Verify SDK?

    Posted Mon May 29, 2023 06:18 PM

    Hi Eric,

    Could you please elaborate on the use case why you want to use a 3rd party push provider? Ultimately, at the end the notification will be delivered via APNS/FCM anyway.



    ------------------------------
    Carsten Hagemann
    ------------------------------



  • 5.  RE: How to register for Google FCM push notification using Verify SDK?

    Posted Tue May 30, 2023 09:19 AM

    Hi Carsten,
    currently a different team manages the message delivery to customers, like SMS, email, FCM notifications. It is a centralized shared REST services for all other teams. We are using it for one way push notification to send HMAC OTP, so that our team don't need to deal with FCM registration, and customer communication profiles. But for this MMFA push notification, I have not found a way to use that services. Any idea?



    ------------------------------
    Regards,
    Eric
    ------------------------------



  • 6.  RE: How to register for Google FCM push notification using Verify SDK?

    Posted Wed May 31, 2023 12:58 AM

    Hi Eric,

    From the ISVA perspective its not possible to customize the payload that gets sent to the push provider. You may be able to create a proxy that accepts the REST calls from ISVA and converts them into the desired payload for your service.



    ------------------------------
    KERRY GUNN
    ------------------------------



  • 7.  RE: How to register for Google FCM push notification using Verify SDK?

    Posted Wed May 31, 2023 09:41 AM

    Hi Kerry,
    It is interesting workaround to use a proxy to intercept the request to FCM. I am assuming ISVA is posting request to the path: https://fcm.googleapis.com/fcm/send, correct me if I am wrong. We can configure the push provider host name to our proxy server instead of FCM host. So our proxy will need to handle the REST call on the path /fcm/send. Do you happen to know the ISVA request payload to FCM during the push notification? 



    ------------------------------
    Regards,
    Eric
    ------------------------------



  • 8.  RE: How to register for Google FCM push notification using Verify SDK?

    Posted Wed May 31, 2023 08:40 PM

    Hi Eric,

    Yes the path will be https://<host>/fcm/send for the Firebase provider and the payload will look something like:

    {
      "to": "<device_id>",
      "content_available": true,
      "priority": "<priority>",
      "notification": {
          "title": "<title>",
          "body": "<message>",
          "badge": "<badge>"
      },
      "data":{
       "mmfa.transaction.id":"<tran_id>",
       "com.ibm.security.access.mmfa.tenant":"<tenant>"
     }
    }



    ------------------------------
    KERRY GUNN
    ------------------------------



  • 9.  RE: How to register for Google FCM push notification using Verify SDK?

    Posted Thu June 01, 2023 01:51 PM

    OK. Perfect! Thanks Kerry. It looks like the <device_id> is the FCM push token, correct? And what is the badge for? The questions are for my curiosity. Technically we can just forward the whole thing to the FCM server. 



    ------------------------------
    Regards,
    Eric
    ------------------------------



  • 10.  RE: How to register for Google FCM push notification using Verify SDK?

    Posted Thu June 01, 2023 07:35 PM

    Update on the payload. The badge and content_available are not valid for FCM so they will not be in the payload.

    {
      "to": "<device_id>",
      "priority": "<priority>",
      "notification": {
          "title": "<title>",
          "body": "<message>"
      },
      "data":{
       "mmfa.transaction.id":"<tran_id>",
       "com.ibm.security.access.mmfa.tenant":"<tenant>"
     }
    }

    Yes. The device_id is the FCM push token.

    Thanks.



    ------------------------------
    KERRY GUNN
    ------------------------------



  • 11.  RE: How to register for Google FCM push notification using Verify SDK?

    Posted Fri June 02, 2023 10:15 AM

    Once again, thanks Kerry for confirmation of the payload. We will give it a try. 



    ------------------------------
    Regards,
    Eric
    ------------------------------