IBM MobileFirst V7.1 Push Notification Issue - push-notification

We are developing hybrid mobile application in IBM MobileFirst V7.1,Java 1.7v.
In this application we are developed push notification using Adapter Based Authentication.
In our application we are sending push notification using Adapter based Authentication.
The notification is delivered based on userId.
Here for first time to a particular userId,I'm able to send notification.
After that when user trying with another userId I'm unable to send notification,getting an error "user already exist please logout".
Error in Log:
Cannot change identity of an already logged in user in realm 'pushAppRealm'. The application must logout first.
for this in client side I'm checking whether user is authenticated or not by using "WL.Client.isUserAuthenticated(realm)" ,it is always retuning false.
I also tried with logout option when user clicks on login button I'm logging out the user and again authenticating the user -
here also I'm facing same issue "user already exist please logout".

Push notifications should be dispatched from the server , not from the client.
In your flow, the very first time you authenticate , you will assign a user identity into your user realm. Now from the client , you invoke the adapter procedure that sends out the notification.
The second time around , you pass another userid. This time you try to authenticate again with the another user (all within the same session). It amounts to forcing a new identity when the realm already has one.
This is why you see message in the server that says - "Cannot change identity of an already logged in user in realm 'pushAppRealm'. The application must logout first."
The right approach to be adopted is :
Authenticate into the realm.
Subscribe for Push. This assigns the user identity from 1) to your subscription.
Either use poll mechanism or REST API calls to dispatch notification. Pass the userids as arguments in the REST calls.

Related

FCM Token - When should I store/save it on my DB?

I am not sure what a proper FCM token handling mechanism would be so I’m writing our process down here just to get some validation or suggestions for improvements:
Fetch FCM token on client Login (Flutter)
Save FCM token on our Database (Using our REST API)
Delete FCM token on Logout (Using our REST API)
Q1: Should we be getting the FCM token more often than just on login? AFAIK, FCM token only changes on app re-installs, clearing cache, etc. Does this also include app-updates from the PlayStore? In that case, should we save the FCM token on every app launch since the user will remain logged in after an app update and hence we wouldn't trigger the save FCM call.
Q2: Did I mention the right way to handle deleting FCM tokens from our DB? We don’t want the user to keep getting notifications once they have logged out.
Q3: An add-on idea is to send the device_id to the server along with the fcm_token so that server deletes all previously saved FCM tokens for that device_id. This is useful to not have useless tokens on the DB from cases where the user uninstalls the app without logging out (which means that the DELETE fcm_token call never went through.)
The FCM token is refreshed under conditions that you don't control, and those conditions have even changed over time. To handle token updates properly, you'll need to implement both initially getting the token and then monitoring for token updates.
Note that FCM tokens are not associated with a user. It is fine if you want to associate them with a user, but it's up to your application code in that case to maintain the association. So that for example includes deleting the token from your database when the user signs out, as you're doing in step 3. 👍
For keeping your token registry clean, you can indeed do this proactively as you intend, or reactively as shown here: https://github.com/firebase/functions-samples/blob/master/fcm-notifications/functions/index.js#L76-L88
Hi Rohan fundamentaly you should use below logic to save tokens on server.
Step1:
as soon as you get token in callback whether new or same try to save it localstorage.
Step2:
Call your REST API to save it to your server. it is upto you if you want to send unique user identifier along with the token.
Step3:
It is obvious you will recieve token callback a lot of time so you can check whether you have similar token in localstorage, it means you have the token on the server so no point calling REST API.
Step 4: Now your app can send events back to server and based on it trigger Push notifications to the users.
Step 5: You can Add/update user token based on uniqye user identifier. In some cases a user can be guest user, so your app should generate guest userId and link it with token.
Stay safe.

MFP 8 Push Notification to Particular USER ID

Trying to send Push Notification based on DEVICE_ID, In MFP 8 Console, My device ID is showing under DEVICES section but if i try to send notification, Console throws error as "An error occurred while the notification was sent. Internal server error. No devices found."
Scope - push.mobileclient
Initialize, isPushSupported and then RegisterDevice is triggered and in logs, it shown the token as well. how to resolve ?
Device registration showing up in the Devices console does not mean that push registration is successful. Even if push registration is complete, it will depend entirely on the application logic that there is a user identity associated with the subscription.
When you attempt to send notification by userid and it says "No devices found", this means that there are no subscriptions against this userid. It is possible there is no subscription at all , or the subscriptions have been made against a different user - or even anonymous user.
Use get push registrations and get push subscriptions REST calls to verify your current registration and subscription. If these are with anonymous user identity verify your scope -> security check mapping and your application logic.

Firebase (FCM) registration token

I am the new for FCM. Here are some questions about the registration token:
Is the registration token generated by the FCM connection server?
Does the token change periodically in the connection server?
When?
Will it force the onTokenRefresh() in the app to be called?
I have googled for a week but didn't get any details. Please help. Thanks.
1. Is the registration token generated by the FCM connection server?
No. It gets generated by the FirebaseInstanceID. The way I understand the flow of event on first time registration:
The app retrieves a unique Instance ID.
The registration token is generated by calling the InstanceId.getToken().
Developer (usually) sends the token to the App Server.
2. Does the token change periodically in the connection server?
I think the onTokenRefresh() docs pretty much answers this.
Called when the system determines that the tokens need to be refreshed. The application should call getToken() and send the tokens to all application servers.
This will not be called very frequently, it is needed for key rotation and to handle Instance ID changes due to:
App deletes Instance ID
App is restored on a new device
User uninstalls/reinstall the app
User clears app data
The system will throttle the refresh event across all devices to avoid overloading application servers with token updates.
See this part of the docs for more details.

How can I know that a Firebase Cloud Messaging token is out of use?

A single user can have multiple devices connected to his account.
Because of that he can have multiple cloud messaging tokens.
Everytime the user opens the app the token from that device is send to the app server and saved there.
What happens if a user uninstalls the app from one of his devices? I have no chance to tell the server that the token is not longer in use.
Can it occure that I notify an other user instead since this other user has acquired the not longer used token from the original user?
What happens if a user uninstalls the app from one of his devices?
Usually, when your app is uninstalled, it is advisable for you (the developer) to automatically make sure that the corresponding registration token is deleted from your own App Server.
Can it occure that I notify an other user instead since this other user has acquired the not longer used token from the original user?
No. Each registration token is unique per each app instance. So rest assured that if a registration token is invalidated/expires for whatever reason, no other user will be able to use it. Sending a message to an invalid/expired registration token will result to a NotRegistered error.
Tokens are not re-used so there should be no risk of notifying another user. Tokens cannot be acquired by one user from another.

Best practices for push notifications in multi user applications?

I'm working on a push architecture that needs to support applications which allow for multiple users. This means more than one user can log into the application with their credentials. The problem I'm running into is what if user A allows push notifications, then logs out, then user B logs in and starts getting user A's push notifications?
What are some best practices for handling this type of thing? One thought I had was you could remember the last user who logged in and only display push notifications to the "logged in" user. You would have to send some sort of user context in the message payload so it could be checked against the logged in user. However this feels a little funky.
Anyone else ran into this? It's seems like a really relevant problem, especially for tablets where families tend to share the device.
We're implementing this by Registering the device with APSN, getting the device token and sending this to our server through a ws.
On the server side the device token is only associated with the last logged in user.
New app
User A (first ever user) uses IPAD A
Register with APSN, get token
Send token to our servers through ws
Search for token in db, token is new, store it
assign token to USER A
Next user logs into app
Register with APSN, get token
Send token to our servers through ws
Search for token in db, token exists already
Remove connection to USER A
assign token to USER B
SEND Notification to device WITH USERNAME
if username is logged in show it - else dont
Still not perfect as its sent to home screen first so to ALL users
I think your suggestion is acceptable in a multi-user app. It is much simpler to implement this in the client side, than on the server side. The downside is extra bandwidth wasted to send an unneeded notification. But vast majority of the usage is probably single-user so this may not matter much.
The alternative is to track the logged on users on your server and their current reg_ids. This could be more complicated because A could be logged on on multiple devices, then logs out from device 1, and B logs onto device 1, etc. and your server has to track all of these. So probably another table to track the relationships between 'Logged On Users' to 'Reg Ids'.
If you hate the idea of sending unneeded notifications, go with the server route. If you value Keep-It-Simple principle, go with the client route.
Let's suppose users of your app can logging on multi devices.
We have to make two API on server side:
func setUserDeviceNotifyToken(userId: Int, deviceToken: String) {}
func removeUserDeviceNotifyToken(userId: Int, deviceToken: String {}
On your app side, you have to call setUserDeviceNotifyToken API on every Login In and call removeUserDeviceNotifyToken on every logout.
On server side, you can track every user with its deviceNotificationToken and send notification for correct device.
Notice: If your service doesn't suppose to support multi device login with one user, you can handle it just by one updateUserDeviceNotifyToken and pass null for remove user's device token.
Notice 2: Do not let user logout before calling removeUserDeviceNotifyToken API.

Resources