1

As part of our solution, we deploy an FCM "app server" at each of our customer sites. Each customer site need to generate their own sender id and server id for use with our app.

The default FCM implementation places the Sender ID and Server Key in a plist (iOS) / json (Android) which is integrated into the app code at compile-time. However since we have multiple current customers and will have new customers, our mobile app needs to be able to make a service call to the customer App Server, retrieve the Sender ID and Server Key, and load those into FCM at runtime.

We've seen some documentation around getToken to accomplish registering with multiple senders, but we only need to register with 1 sender and completely bypass the plist/json.

Question: How can we programmatically load Sender ID and Server Key instead of using GoogleService-Info.plist (iOS) / google-services.json (Android).

For more context, here is our recent related question about security for the same workflow.

Community
  • 1
  • 1
user1727021
  • 100
  • 8

1 Answers1

4

places the Sender ID and Server Key in a plist (iOS) / json (Android) which is integrated into the app code at compile-time

There is nowhere in your client app that the Server Key is included. Like the name implies, the Server Key is kept on the App Server side. The only Sender ID that is included in the json/plist file you get from the Firebase Console is the Sender ID for your project. FCM doesn't use any kind of API key that is in the google-services.json file (see my answer here).

How can we programmatically load Sender ID and Server Key instead of using GoogleService-Info.plist (iOS) / google-services.json (Android).

When registering a new server, you would only need the Sender ID. Then simply call getToken(authorizedEntity, scope). This could be possible, by implementing a function that gets a list of valid senders from your App Server side and then have a copy on the client side, if there is a new Sender included, have your app authorize it as a valid sender.

Community
  • 1
  • 1
AL.
  • 36,815
  • 10
  • 142
  • 281
  • So can we skip adding the json/plist file to the mobile app project altogether? It seems it's not necessary... especially since we need to call "getToken" for multiple projects. – user1727021 Apr 26 '17 at 16:37
  • 1
    I haven't tried it out myself, but according to [this post](http://stackoverflow.com/a/33083898/4625829), it's possible, so long as you're able to provide the ids needed for the app (like the default sender id). – AL. Apr 27 '17 at 07:09
  • @AL. What if I want to share a different Sender ID with an external client? Then, if someday I want to remove that client as a sender, I can do it. Is it possible? Or, how I should manage this use case? Thanks in advance. – Sebastian Diaz Dec 05 '22 at 23:00
  • 1
    @SebastianDiaz it depends on your project structure. If you have authority on the Firebase Project to which the external sender ID is tied to, then you can simply deactivate that project later on. If not, you'll have to implement a custom approach of tracking which senders the token(s) are tied to. However, it's been a while since I've dabbled with FCM, so I would suggest some further lookup in case there's a better or an already built-in solution to your case. – AL. Dec 06 '22 at 06:24