是否需要GCM 3.0刷新注册令牌?

时间:2015-06-03 14:14:44

标签: android google-cloud-messaging

使用最新的GCM更新(3.0)是否仍需要在重启等情况下处理刷新注册令牌? This article讨论了使GCM可靠并涵盖注册令牌可以更改的几个条件。这些步骤是否必须在最新版本下?在IO 2015讨论期间,他们谈到了注册令牌是好的,直到从设备上卸载应用程序。

InstanceID instanceID = InstanceID.getInstance(this);
String token = instanceID.getToken(getString(R.string.gcm_defaultSenderId),
    GoogleCloudMessaging.INSTANCE_ID_SCOPE, null);

2 个答案:

答案 0 :(得分:18)

The registration token shouldn't refresh after reboots, but there are other situations when it might get refreshed, so you need to handle it.

With the updated API you need to implement an InstanceIDListenerService in order to handle token refreshes as exemplified in the google-services#android#gcm sample app

    /**
     * Called if InstanceID token is updated. This may occur if the security of
     * the previous token had been compromised. This call is initiated by the
     * InstanceID provider.
     */
    // [START refresh_token]
    @Override
    public void onTokenRefresh() {
        // Fetch updated Instance ID token and notify our app's server of any changes (if applicable).
        Intent intent = new Intent(this, RegistrationIntentService.class);
        startService(intent);
    }

Regarding the other situations when the token refresh might happen.

An existing registration token may cease to be valid in a number of scenarios, including:
- If the client app unregisters with GCM.
- If the client app is automatically unregistered, which can happen if the user uninstalls the application. For example, on iOS, if the APNS Feedback Service reported the APNS token as invalid.
- If the registration token expires (for example, Google might decide to refresh registration tokens, or the APNS token has expired for iOS devices).
- If the client app is updated but the new version is not configured to receive messages.

For all these cases, remove this registration token from the app server and stop using it to send messages.

To protect the client app and app server from potential malicious re-use of registration tokens, you should periodically initiate token refresh from the server. When GCM registration token refresh is initiated from server side, the client app must handle a tokenRefreshed message with the GCM registration client/server handshake
See the API reference for more information on identity and token refresh procedure.

答案 1 :(得分:1)

编辑:查看InstanceID文档,因为它显示了如何处理令牌刷新。 https://developers.google.com/instance-id/https://developers.google.com/instance-id/guides/android-implementation

从服务器PoV imho不太清楚。

来自https://developers.google.com/cloud-messaging/registration#keeping-the-registration-state-in-sync我们

  

为了保护客户端应用和应用服务器免受潜在的恶意重复使用注册令牌,您应该定期从服务器启动令牌刷新。从服务器端启动GCM注册令牌刷新时,客户端应用程序必须使用GCM注册客户端/服务器握手处理tokenRefreshed消息。有关身份和令牌刷新过程的更多信息,请参阅API参考。

嗯,那里没有API参考的链接 - 所以在这里查看服务器api https://developers.google.com/cloud-messaging/server-ref#interpret-downstream我们有一个canonical_ids字段

  

包含规范注册令牌的结果数。有关此主题的更多讨论,请参阅注册概述。

results字段

  

可选字符串,指定处理和发送邮件的客户端应用程序的规范注册令牌。发件人应使用此值作为将来请求的注册令牌。否则,邮件可能会被拒绝。

对于客户端,我们有新的https://developers.google.com/android/reference/com/google/android/gms/iid/InstanceIDListenerService.html#onTokenRefresh()

  

系统确定需要刷新令牌时调用。应用程序应调用getToken()并将令牌发送到所有应用程序服务器。这不会被频繁调用,需要进行键旋转和处理特殊情况。系统将限制所有设备上的刷新事件,以避免使用令牌更新使应用程序服务器过载。

因此,如何从服务器启动令牌刷新超出我的范围!但是在回答你的问题时 - 是的,你仍然需要处理令牌刷新客户端!

编辑:有趣的阅读Handling registration ID changes in Google Cloud Messaging on Android