Posted to server-dev@james.apache.org by "Benoit Tellier (Jira)" <se...@james.apache.org> on 2024/02/13 14:00:00 UTC
[jira] [Comment Edited] (JAMES-3990) Implement Vapid Key for JMAP
[ https://issues.apache.org/jira/browse/JAMES-3990?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17817011#comment-17817011 ]
Benoit Tellier edited comment on JAMES-3990 at 2/13/24 1:59 PM:
----------------------------------------------------------------
Added to Linagora backlog: https://github.com/linagora/james-project/issues/5059
h3. How
- Have a configuration parameter to enable vapid authentication within `jmap.properties`.
- Reuse existing jmap draft token signing cryptographic asymmetric keys to sign Vapid tokens.
- Modify the webpush client in order to add vapid authentication
{code:java}
Authorization: vapid
   t=eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJhdWQiOiJodHRwczovL3
     B1c2guZXhhbXBsZS5uZXQiLCJleHAiOjE0NTM1MjM3NjgsInN1YiI6Im1ha
     Wx0bzpwdXNoQGV4YW1wbGUuY29tIn0.i3CYb7t4xfxCDquptFOepC9GAu_H
     LGkMlMuCGSK2rpiUfnK9ojFwDXb1JrErtmysazNjjvW2L9OkSSHzvoD1oA,
   k=BA1Hxzyi1RUM1b5wjxsn7nGxAszw2u61m164i3MrAIxHF6YK5h4SDYic-dR
     uU_RCPCfA5aq9ojSwk5Y2EmClBPs

{ encrypted push message }

JWT header = { "typ": "JWT", "alg": "ES256" }
JWT body   = { "aud": "https://push.example.net",
               "exp": 1453523768,
               "sub": "mailto:push@example.com" }
JWK        = { "crv":"P-256",
               "kty":"EC",
               "x":"DUfHPKLVFQzVvnCPGyfucbECzPDa7rWbXriLcysAjEc",
               "y":"F6YK5h4SDYic-dRuU_RCPCfA5aq9ojSwk5Y2EmClBPs" }
{code}
Cf. https://datatracker.ietf.org/doc/html/rfc8292
- Finally the public key shall be advertised through the JMAP session.
This is what the Vapid key configuration would look like in `jmap.properties`:
{code:java}
webpush.vapid.auth.enabled = true
webpush.vapid.private.key=conf://vapid.private.key
webpush.vapid.public.key=conf://vapid.public.key
{code}
h3. Definition of done
- Integration tests with Vapid enabled
- Proof of concept of firebase usage with a pet webpush application and Vapid keys
> Implement Vapid Key for JMAP
> ----------------------------
>
> Key: JAMES-3990
> URL: https://issues.apache.org/jira/browse/JAMES-3990
> Project: James Server
> Issue Type: New Feature
> Components: JMAP
> Reporter: Benoit Tellier
> Assignee: Antoine Duprat
> Priority: Major
>
> https://datatracker.ietf.org/doc/draft-ietf-jmap-webpush-vapid/
> {code:java}
> JMAP [RFC8620] specifies how clients can subscribe to events using a
> protocol that is compatible to WebPush [RFC8030]. Some push services
> require that the application server authenticates all push messages
> using the Voluntary Application Server Identification protocol
> [RFC8292]. To facilitate that the client (or user agent in WebPush
> terminology) needs the VAPID public key of the application server to
> pass it along to the push service when retrieving a new endpoint.
> {code}
> Implementing this as a standard would allow frontend applications (like the one edited by Linagora: Twake mail) to directly use systems like firebase cloud messaging, which was the motivation of Daniel Glusch.
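
As an added illustration (not code from the ticket or from James), here is a Python check that an integration test could run against the Authorization header the webpush client emits. It covers the structural RFC 8292 rules only and does not verify the ES256 signature; the function names and the endpoint path are assumptions.

```python
import base64
import json
from urllib.parse import urlsplit

def b64url(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))  # re-add stripped padding

def parse_vapid(value):
    """Split 'vapid t=<JWT>, k=<key>' into JOSE header, claims, signature, key."""
    scheme, _, rest = value.strip().partition(" ")
    if scheme.lower() != "vapid":
        raise ValueError("not a vapid Authorization header")
    params = dict(p.strip().split("=", 1) for p in rest.split(","))
    head, body, sig = params["t"].split(".")
    return json.loads(b64url(head)), json.loads(b64url(body)), b64url(sig), b64url(params["k"])

def vapid_problems(value, endpoint, now):
    """List structural RFC 8292 violations; the signature itself is NOT verified."""
    jose, claims, sig, key = parse_vapid(value)
    problems = []
    if jose.get("alg") != "ES256":
        problems.append("alg must be ES256")
    if len(sig) != 64:
        problems.append("signature must be 64 bytes (r || s)")
    if len(key) != 65 or key[0] != 0x04:
        problems.append("k must be an uncompressed P-256 point")
    url = urlsplit(endpoint)
    if claims.get("aud") != f"{url.scheme}://{url.netloc}":
        problems.append("aud must be the origin of the push endpoint")
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        problems.append("exp missing or in the past")
    elif exp - now > 24 * 3600:
        problems.append("exp more than 24 hours ahead")
    if "sub" in claims and not str(claims["sub"]).startswith(("mailto:", "https:")):
        problems.append("sub should be a mailto: or https: URI")
    return problems

# Header value from the ticket's RFC 8292 sample, unfolded onto one line.
TICKET_HEADER = (
    "vapid t=eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJhdWQiOiJodHRwczovL3"
    "B1c2guZXhhbXBsZS5uZXQiLCJleHAiOjE0NTM1MjM3NjgsInN1YiI6Im1ha"
    "Wx0bzpwdXNoQGV4YW1wbGUuY29tIn0.i3CYb7t4xfxCDquptFOepC9GAu_H"
    "LGkMlMuCGSK2rpiUfnK9ojFwDXb1JrErtmysazNjjvW2L9OkSSHzvoD1oA, "
    "k=BA1Hxzyi1RUM1b5wjxsn7nGxAszw2u61m164i3MrAIxHF6YK5h4SDYic-dR"
    "uU_RCPCfA5aq9ojSwk5Y2EmClBPs"
)
# Constructed push endpoint: only its origin matters for the aud check.
ENDPOINT = "https://push.example.net/p/constructed-subscription"
```

Calling `vapid_problems(TICKET_HEADER, ENDPOINT, now)` with a clock shortly before the sample's `exp` returns an empty list; a mismatched endpoint origin or a stale clock each produce one entry.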