Ranknoodle Ranknoodle - 7 months ago 26
Swift Question

Advice on getting Push Notifications to Work on Production Builds

I have a production iOS App that I can send development push notifications (APNs) no problem from my production API environment. The issue is when I archive the app and publish to the App Store the push notifications never work from the App downloaded from Itunes from my production API environment.


  1. I have set up Certificate for APN distribution

  2. I create the PEM file
    from the certificate.

  3. APN are enabled in Xcode > Capabilities



In Apple's Document here "Troubleshooting Push Notifications"
https://developer.apple.com/library/ios/technotes/tn2265/_index.html#//apple_ref/doc/uid/DTS40010376-CH1-TNTAG21


"When using Xcode to submit an app, Xcode will re-sign it using the
code signing identity and associated provisioning profile you select.
So the signature of the submitted app and its contents might be
different than what's in the Xcode archive."


Then


Here's how to check the signature for an iOS app being submitted to
the App Store:


I follow the instructions but not sure what I should be looking for specifically when running this command?

codesign -d --entitlements :- "Payload/YourApp.app"


Also when I try and test this before submitting app by going to Xcode > Window > Organizer and with the list of archives I will export the Itunes Production Archive by the following means:

Save for iOS App Store Deployment
Sign and Package application for distribution in the iOS App Store


I export the ipa file and will install via Itunes to my iphone. However my production deployment build never completes installing on my iphone before being removed (Icon will show installing progress but then disappear)

So I'm not too sure how to test deployment push notifications (not development push notifications as that I can do) without submitting new build for review in Itunes Connect?




So what usually is the issue with Production Deployments not being able to send Push Notifications when development will work? (Same device identifier code, Same API environment etc)

How can I test deployment push notifications (not development) before submitting archive to Itune Connect?

Answer

The main reason production pushes don't work while dev ones do is you have broken the

"Push Rule of Three".

There are two sets of triplets:

a) Prod app - Prod gateway - Prod certificate
b) Dev app - Dev gateway - Dev certificate

You can't mix and match these together, if you have any combination that isn't either 3 Production things or 3 Dev things then the push won't work. This is the "Push Rule of Three".

Prod App/Dev App

When you build/run via Xcode its a Dev app. When you create an archive and make an ad-hoc distribution or publish to the app store its a Prod app.

Prod Gateway / Dev Gateway

This is the prod gateway:

ssl://gateway.push.apple.com:2195

And this is the dev gateway:

ssl://gateway.sandbox.push.apple.com:2195

Prod cert / Dev cert

You need to use the Apple provisioning portal to generate a Dev cert and a Prod cert and sign your server with as appropriate (you can combine both the prod cert and prod key and dev cert and dev key into a single .pem file which makes it convenient to sign the server with both).

One other thing to bear in mind is that when creating the archive, in the Xcode code signing section, the provisioning profile must be set to a properly created distribution profile.

I think the best tutorial on Pushes is Ray Wenderlich's.

https://www.raywenderlich.com/123862/push-notifications-tutorial

This goes over the profile and the certificates and gets you to a position where something is working, however one huge omission of this tutorial is that it does not mention the Rule Of Three

In your situation, if you can send a push from your server to an Xcode build as indicated in your comments then it means two things:

1) You are using Apple's dev gateway. You MUST change that gateway to be able to send a push to a production build.

2) Your server has been signed with the development certificate. Your server MUST also be signed with the production certificate.

So you must have broken the rule of three, fix that and see if things work.