iOS Push Notifications

We have successfully gotten Android Push tokens working in our environment and have added the iOS project IDs to our privacyIDEA config. We have also setup an APNS key within Firebase to allow us to use Apple’s push notification servers.

However, when attempting to use a push token assigned to an iOS device, the below error occurs.

[2019-10-08 16:04:29,162][11989][139956920170240][WARNING][privacyidea.lib.smsprovider.FirebaseProvider:100] Failed to send message to firebase service: {
  "error": {
    "code": 401,
    "message": "Auth error from APNS or Web Push Service",
    "status": "UNAUTHENTICATED",
    "details": [
        "@type": "",
        "errorCode": "THIRD_PARTY_AUTH_ERROR"

I am assuming this is due to the fact that the AppID utilized by the privacyIDEA Authenticator is not attached to our APNS key in any way. I am in the process of compiling the source of the authenticator with a development provisioning profile under our ADC account to test this but wanted to at least bring this up for discussion in case I’m just doing something incorrect.

As an update, compiling the app with our development certificate and bundle ID allows the push notifications to work.

Thanks for the tips. So push notification does not work with the form the IOS store?

to use the push with the app from the ios store, you need the key for the APNs to configure your firebase project with. If you compile the app with your own developer cert like droo did, you can set up the APNs (and then Firebase) yourself. We are currently looking into whether it is safe to hand out the key or if we need to find another way around this.

Niels thanks for the reply. I tested the push token for IOS and did not work because of the APN settings. Thanks to @droo I know why.

@droo,I have been trying to get iOS push notifications to work as well. I have compiled the app successfully using Xcode and our developer certificate, but I don’t get where I can get our APNS key from.

Care to line out, what you actually did to get this working?

Okay, I got push notifications to work on my iPhone. However, I am a total noob, when it comes to Xcode in general and iOS programming in particular. Additionally, the firebase config seemed to have undergone some changes, since the documentation had been posted. Getting the FirebaseApp/Framework to work was the main issue and I stumbled across one issue, which I cannot solve:

on the first run, the FirebaseApp needs to be configured using FirebaseApp.configure() in the iOS app’s function application:didFinishLaunchWithOptions. So, I added the FirebaseApp.configure() there and upon the fist run, I was able to receive push notifications, as this time the app actually contacted the Firebase project.

However, on subsequend runs, this edit threw an error, as the FirebaseApp couldn’t be configured more than once and I resolved to remove the former edit which made the app running again.

Well… now I got it running on my iPhone 11 Pro on iOS 13.3. In the AppleDelegate.swift, the FirebaseApp needs to be configured like this:

if == nil {

This way, the app will not crash, when getting launched the 2nd (and subsequent times), while there’s already a token registered. However, I’d much prefer an ready-to-use app, since I don’t know, if I would submit such a “taylored” app to the Apple App Store.

Hi again,
usually the Firebase configuration is hardcoded in the apps resources (using the .plist file from firebase). If you have the plist, you could run configure() on startup, but our goal was to have the app configure for arbitrary firebase projects. Therefore the required things are embedded in the push enrollment qr code. When such code is scanned, the app configures itself and saves the configuration. Upon startup it checks for a saved configuration and configures again if there is one, which is probably why you got your error.
To use the app the way it was designed is to add the stuff from the plist file to privacyIDEA->SMS Gateways->FirebaseProvider, without having the plist file in the app

Ahh… I see, so you actually have to remove the Goolge_Services.plist or rather, not add it in the first place?

Do not add it to the app, you just need to extract the info from it for the server