Android: Update your apps to the latest Firebase Cloud Messaging APIs and SDKs

[appzer]

Hi, currently i use a self modified version of the older plugin > https://github.com/phonegap/phonegap-plugin-push
All works fine at least with the latest Android version 13 & 14.

But yesterday i got the following message from Google!
What needs to be adjusted on the Cordova app/plugin and on the server side.
Can someone explain!

Thanks Kevin

[nbadiganti]

+1 following for this change

[andreszs]

I'm also receiving the same warnings from Google, hopefully the Cordova plugin has nothing to do.

You need to change the server side code only to use the HTTP v1 API to send the notifications. I remember trying to switch to this API years ago, but failed due to certain server requirements that were absolutely impossible to meet.

[viking2917]

They explain in the email which things need to be done based on your usage. In my case, it was to update the legacy protocol to v1 of the API, and stop using static server keys.

Documentation for how to do that is here:
https://firebase.google.com/docs/cloud-messaging/migrate-v1#node.js_2

Basically one has to:

1. use a different url
2. stop using a global authorization key and use oAuth v2, and
3. update the payload to a new structure

For #2, the oAuth, my backend is in PHP and I found this very helpful for that part of the process: https://stackoverflow.com/questions/65633126/generating-oauth-token-for-firebase-cloud-messaging-php

The challenge I am now facing is that background notifications seem to be not processed in quite the same way. I have filed a separate ticket for that: #266

[andreszs]

Thanks, I've switched to HTTP v1 with almost no help whatsoever from GPT to resolve the ouath2 token generation via REST.

Unfotunately, the HTTP v1 has dropped support to send the send push to a group of registered devices, and they pretend us to use the topic subscription method instead. This would require creating thousands of topics and keep them updated somehow in the case of my social media app, where users are constantly changing which notifications they wish to receive and from who.

The group sending feature of the legacy API allowed me to send a single push notification to multiple recipients by simply including an array of registration tokens. Now, with the HTTP v1 API, I would need to send dozens or even hundreds of individual notifications for frequent events like a user uploading a new photo, which is impractical. This change has effectively crippled the functionality of my notifications system.

Not to mention the fact that the ouath2 token duration is a secret that only Google knows and they actively refuse to reveal to developers. There's no knowing if the token is valid for 1 minute, 1 hour, 2 weeks, or 3 months. Notifications simply start returning error 403 IAM_PERMISSION_DENIED randomly even when the server is configured to replace it every 10 minutes.