Apple Push Notification Authentication Key (Sandbox & Production)

Question

I recently noticed a new option when creating a certificate for a given iOS client.

The option is titled

Apple Push Notification Authenti

Answer 1

Apple Push Notification token-based authentication is an alternative to using provider certificates to connect to APNs. The provider API supports JSON Web Token (or JWT), an open standard, to pass authentication claims to APNs along with the push message.

To generate a provider token, obtain a private key for signing the token as described in Creating a Universal Provider Tokenin App Distribution Guide. You should construct a token with header containing a 10 character Key ID (kid). The token claims portion contains Issuer (iss) which is a 10 character Team ID. Your Team ID and Key ID values can be obtained from your developer account. The claims shall also contain Issued At (iat) which is the number of seconds from Epoch in UTC when the token was generated. The token must be signed with the Elliptic Curve Digital Signature Algorithm (ECDSA) using the P-256 curve and the SHA-256 hash algorithm (ES256), specified as a value in the algorithm key (alg).

{
    "alg": "ES256",
    "kid": "ABC123DEFG"
}
{
    "iss": "DEF123GHIJ",
    "iat": 1437179036
 }

For additional information along with list of available libraries for generating signed JSON web tokens, refer to https://jwt.io

This is a swift library to sign your JSON Web Token (or JWT) : kylef/JSONWebToken.swift

Note: Only providers tokens signed with ES256 algorithm are supported by APNs. Unsecured JWT or JWT signed with other algorithms will be rejected with a response indicating an Invalid Provider Token.

SOURCE : APPLE : Provider Authentication Tokens

WWDC 2016 - Session 724 : Token Based Authentication

PS:

The biggest difference is that The Key Way will not be expired than Certificate will be expired after one year.