kirimita (u/kirimita)

kirimita commented on Molly: An Improved Signal App molly.im/... · Posted by u/dtj1123

kirimita · 3 months ago

Here is a blog post to use the play services, without the proprietary lib and API: https://unifiedpush.org/news/20250131_push_for_decentralized...

kirimita · 3 months ago

And there is this gist for the app side, if you need something to share: https://gist.github.com/mar-v-in/2a054e3a4c0a508656549fc7d0a...

kirimita commented on Molly: An Improved Signal App molly.im/... · Posted by u/dtj1123

homebrewer · 4 months ago

Coming from the npm world, I see enough code for at least two libraries.

But seriously, write this as a blog post, more people need to know about this, and I'd like to have something "authoritative" to send references to.

kirimita · 3 months ago

Here is a blog post to use the play services, without the proprietary lib and API: https://unifiedpush.org/news/20250131_push_for_decentralized...

kirimita commented on Molly: An Improved Signal App molly.im/... · Posted by u/dtj1123

grishka · 3 months ago

It's just two broadcast receivers (one for receiving the push token, another for receiving actual notifications), and one broadcast sender to ask GSF to give you a token. This code is so trivial it's not even worth separating into a library.

Here's how you request a push token:

    Intent intent = new Intent("com.google.iid.TOKEN_REQUEST");
    intent.setPackage("com.google.android.gms");
    intent.putExtra("app", PendingIntent.getBroadcast(context, 0, new Intent(), PendingIntent.FLAG_IMMUTABLE));
    intent.putExtra("sender", FCM_SENDER_ID);
    intent.putExtra("subtype", FCM_SENDER_ID);
    intent.putExtra("scope", "*");
    intent.putExtra("kid", "|ID|1|");
    context.sendBroadcast(intent);

Here are the two receivers:

    <receiver android:name=".PushNotificationReceiver" android:exported="true" android:permission="com.google.android.c2dm.permission.SEND">
        <intent-filter>
            <action android:name="com.google.android.c2dm.intent.RECEIVE" />
        </intent-filter>
    </receiver>
    <receiver android:name=".api.PushSubscriptionManager$RegistrationReceiver" android:exported="true" android:permission="com.google.android.c2dm.permission.SEND">
        <intent-filter>
            <action android:name="com.google.android.c2dm.intent.REGISTRATION"/>
        </intent-filter>
    </receiver>

The first one is where you get notifications. The parameters you sent from the server will simply be your intent extras.

The second one is where you get push tokens. There will be a "registration_id" extra string which is your token. It may start with "|ID|1|" (the "kid" parameter from the request, not quite sure what it does), in which case you need to remove that part.

You want to refresh your push token every time your app gets updated and also just periodically if you haven't done it in a while. I do it every 30 days.

kirimita · 3 months ago

This is also what UnifiedPush lib to use FCM does (https://codeberg.org/UnifiedPush/android-embedded_fcm_distri...)

Which is documented in this gist: https://gist.github.com/mar-v-in/2a054e3a4c0a508656549fc7d0a...

kirimita commented on Push Notifications for Decentralized Services unifiedpush.org/news/2025... · Posted by u/notmine1337

pull_my_finger · a year ago

So would I be correct to say the distributor is a a 3rd party "satellite" app, that your app pulls from and the notification server pushes to? So end users would need to install this distributor app in addition to your own app?

kirimita · a year ago

That's already how it works, the 3rd app is usually the Google services. The setup described on the blog post allows user to use the Google services OR another service

kirimita commented on Push Notifications for Decentralized Services unifiedpush.org/news/2025... · Posted by u/notmine1337

stefanha · a year ago

In this direct to FCM model, does the application running on the untrusted user's device need to embed any sensitive credentials?

What prevents someone else from impersonating my app or other users on my app?

kirimita · a year ago

If you are interested, you can read the specifications: https://unifiedpush.org/developers/spec/android/. The same question actually exists for firebase-messaging (Google) too (answer here: https://github.com/firebase/firebase-android-sdk/blob/cf5fe2...)

kirimita commented on Push Notifications for Decentralized Services unifiedpush.org/news/2025... · Posted by u/notmine1337

orblivion · a year ago

I was surprised how easy it was to integrate. I'm on GrapheneOS/FDroid. I installed the ntfy app and connected it to my ntfy server. I wanted to set it up for Tusky (Mastodon app). I was confused about the lack of instructions. What do I set on Tusky? What do I set on all my Mastodon servers? It turned out there were no instructions. I was already configured for Tusky. Tusky found the ntfy app, got my ntfy server's URL from it, and passed it on to the Mastodon servers.

Now, I actually think this is a little too easy. What if I want to keep my ntfy server private for certain at-home uses? But still, very impressive. Element does it right, it at least asks you when you open the app (or it's in a setting or something). But I think UnifiedPush or ntfy instructions should make these steps more clear (or I failed to find it), even if just to say "it's actually that easy" to save our time looking.

BTW I'm working on porting ntfy to Sandstorm. Already works, I just have a handful of loose ends.

kirimita · a year ago

> But I think UnifiedPush or ntfy instructions should make these steps more clear (or I failed to find it), even if just to say "it's actually that easy" to save our time looking.

We are working on the documentation: https://codeberg.org/UnifiedPush/documentation/pulls/16

kirimita commented on Push Notifications for Decentralized Services unifiedpush.org/news/2025... · Posted by u/kirimita

kirimita · a year ago

How mobile push notifications currently bring centralization to decentralized services, and how we can avoid it, even for mainstream configurations.