web-push-php icon indicating copy to clipboard operation
web-push-php copied to clipboard
verified publisher icon web-push-libs

OneSignal exported endpoints cause "VAPID public key mismatch" in Firefox v2 push

Open ivptr opened this issue 5 months ago • 3 comments

I'm encountering problem delivering push notifications to Firefox using endpoints exported from OneSignal database.

  • Notifications sent to endpoints beginning with https://updates.push.services.mozilla.com/wpush/v1/ are working correctly.
  • However, endpoints starting with https://updates.push.services.mozilla.com/wpush/v2/ consistently return a 401 Unauthorized error:
{
  "code": 401,
  "errno": 109,
  "error": "Unauthorized",
  "message": "VAPID public key mismatch",
  "more_info": "http://autopush.readthedocs.io/en/latest/http.html#error-codes"
}

Sending to Chrome and Edge works fine using the same VAPID key. OneSignal claims the VAPID key is the same.

Tried disabling automatic padding via setAutomaticPadding(false), but it had no effect.

PHP Web Push example works fine with the same Firefox for Windows v142.0.1.

What am I overlooking?

ivptr avatar Sep 03 '25 16:09 ivptr

Endpoints with /v1/ are registered without VAPID while /v2/ are registered with VAPID

p1gp1g avatar Dec 04 '25 06:12 p1gp1g

You probably haven't set correctly the auth param, it fails silently if the auth array doesn't have "VAPID" key

new WebPush(auth: ["VAPID" => ["publicKey" => $pub, "privateKey" => $priv, "subject" => $sub]]);

p1gp1g avatar Dec 04 '25 07:12 p1gp1g

I did set auth param correctly:

$auth = array(
    'VAPID' => array(
        'subject' => 'mailto:...',
        'publicKey' => '...',
        'privateKey' => '...'
    ),
);

$defaultOptions = [
    'urgency' => 'high'
];

$webPush = new WebPush($auth, $defaultOptions);

ivptr avatar Dec 07 '25 16:12 ivptr