Search code examples
firebasefirebase-cloud-messagingprogressive-web-appsservice-workerweb-push

Why is Firebase Cloud Messaging web client side messaging.getToken() yield a different token sometimes? (Same browser, same tab)


I've found that the FCM web client side occasionally delivers a different token to me.

My code is entirely based on the official docs.

// Get registration token. Initially this makes a network call, once retrieved
// subsequent calls to getToken will return from cache.
messaging.getToken({ vapidKey: '<YOUR_PUBLIC_VAPID_KEY_HERE>' }).then((currentToken) => {
  if (currentToken) {
    // Send the token to your server and update the UI if necessary
    // Occasionally, I received a different token here.
  } else {
    // Show permission request UI
    console.log('No registration token available. Request permission to generate one.');
    // ...
  }
}).catch((err) => {
  console.log('An error occurred while retrieving token. ', err);
  // ...
});

Occasionally, I receive a different currentToken; this occurs regularly!

I did not change my web browser (Chrome), nor did I change the vapidKey, and I continue to use the same tab for localhost development.

It seemed to have changed every couple of hours.

And if the token changes, my service worker will record an error in the console, as well as a 404 API request failure.

The console log error is as follows:

FirebaseError: Messaging: A problem occurred while unsubscribing the user from FCM: FirebaseError: Messaging: A problem occurred while unsubscribing the user from FCM: Requested entity was not found. (messaging/token-unsubscribe-failed). (messaging/token-unsubscribe-failed).
    at _callee8$ (eval at <anonymous> (app.js:2982), <anonymous>:572:45)
    at tryCatch (eval at <anonymous> (app.js:6025), <anonymous>:62:40)
    at Generator.invoke [as _invoke] (eval at <anonymous> (app.js:6025), <anonymous>:296:22)
    at Generator.prototype.<computed> [as next] (eval at <anonymous> (app.js:6025), <anonymous>:114:21)
    at step (eval at <anonymous> (app.js:636), <anonymous>:17:30)
    at eval (eval at <anonymous> (app.js:636), <anonymous>:28:13)

And here is the failed API request I believe FCM was attempting to make; I did not make the request, and I copied it as curl for greater visibility.

curl 'https://fcmregistrations.googleapis.com/v1/projects/chatisfy-d2721/registrations/cD0VOZLBLdaVymfaUbQyE4:APA91bHj2qCU02_Sib6gEPw3VuPTDkjpj0ZVpgmWYaaHESpTjpH-uwY5JX5mn_W7YhJ1AOMp4dNnwpUffs7SQkBs1UYGGie0o4u_i-OjYY5Q5uRSl3pZQoRGVzwNXxe0lDrQIHD4SN5A' \
  -X 'DELETE' \
  -H 'authority: fcmregistrations.googleapis.com' \
  -H 'sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36' \
  -H 'content-type: application/json' \
  -H 'accept: application/json' \
  -H 'x-goog-api-key: AIzaSyDFP12b-P9JwiDvJuqsWVz6k2Z8ww6_2-E' \
  -H 'x-goog-firebase-installations-auth: FIS eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJhcHBJZCI6IjE6NTI4MTcxMTk2MzYxOndlYjowMWQyMzQ4ODNiYWQ3NWU5MmYxMjE4IiwiZXhwIjoxNjQwMjUwMDc2LCJmaWQiOiJjRDBWT1pMQkxkYVZ5bWZhVWJReUU0IiwicHJvamVjdE51bWJlciI6NTI4MTcxMTk2MzYxfQ.AB2LPV8wRQIhAL4F96JV_fSn2LHzpBiYDWnOVcpA7zBT35lvWz0WqS8fAiAlC28Un0hO2uD6_DuRPnHdqnO_5wIr-byID127niFXRg' \
  -H 'sec-ch-ua-platform: "macOS"' \
  -H 'origin: http://localhost:8080' \
  -H 'x-client-data: CJO2yQEIpbbJAQjBtskBCKmdygEInvnLAQjmhMwBCLWFzAEIy4nMAQjSj8wBGI6eywE=' \
  -H 'sec-fetch-site: cross-site' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-dest: empty' \
  -H 'referer: http://localhost:8080/' \
  -H 'accept-language: en-US,en;q=0.9,zh-TW;q=0.8,zh;q=0.7,zh-CN;q=0.6' \
  --compressed

And here is the response to the aforementioned request:

{
  "error": {
    "code": 404,
    "message": "Requested entity was not found.",
    "status": "NOT_FOUND"
  }
}

What is causing this?


Solution

  • Some security models expire and reissue tokens at intervals to prevent long-term token validity. Or the token may contain data that updates based on request time.