Re: [push-api] Push API - Authenticating to Push Service (#185)

The tokens described in the IETF draft (please just consider section 2.3) are meant for the application server to authenticate with the push service, as well as subscription association. Authentication of the user with your web app is separate from this.

After you create a push subscription using the W3C Push API, you get a `PushSubscription` object that you have to transfer to your server. You would normally use `fetch()` for this. Such a request will include all cookies and credentials you'd expect from on-page requests. Additionally, because you are issuing the request, you can include other application-defined data as well.

I wouldn't consider the bring-your-own-push-service scenario to be in scope of the Push API. The effects of multiple persistent connections, potentially controlled using JavaScript, have a disproportional impact on resource usage of many mobile devices. Consider that no mobile browser guarantees your page to continue to be alive after the user minimizes it. For cases where the page is in the foreground, you could consider using Web Sockets or similar.

---
Reply to this email directly or view it on GitHub:
https://github.com/w3c/push-api/issues/185#issuecomment-177041781

Received on Saturday, 30 January 2016 01:27:34 UTC
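
The hand-off described in the message above (sending the `PushSubscription` to the application server with `fetch()`, where the session cookie rather than the push token identifies the user), as an added example that is not part of the original message or of the Push API specification. The route `/api/push/subscriptions`, the `Map`-based store, the `session.userId` shape and the HTTPS sanity check on the endpoint are assumptions made for illustration.

```javascript
// Added example. Route, store and session shape are hypothetical.
const SUBSCRIBE_URL = "/api/push/subscriptions";

// Client side: upload the PushSubscription to the application server.
// fetchImpl defaults to the page's fetch(); it is injectable so the
// function can be exercised offline.
async function sendSubscription(subscription, appData = {}, fetchImpl = globalThis.fetch) {
  // PushSubscription.toJSON() yields { endpoint, expirationTime, keys }.
  const sub = typeof subscription.toJSON === "function" ? subscription.toJSON() : subscription;
  const res = await fetchImpl(SUBSCRIBE_URL, {
    method: "POST",
    credentials: "same-origin", // the user's session cookie travels with the request
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ subscription: sub, appData }), // app-defined data rides along
  });
  if (!res.ok) throw new Error(`subscription upload failed: ${res.status}`);
  return res.status;
}

// Server side: bind the subscription to the user the session authenticated,
// never to an identity claimed inside the request body.
function storeSubscription(store, session, rawBody) {
  if (!session || !session.userId) return { status: 401 };
  let body;
  try { body = JSON.parse(rawBody); } catch { return { status: 400 }; }
  const sub = body && body.subscription;
  let url;
  try { url = new URL(sub.endpoint); } catch { return { status: 400 }; }
  if (url.protocol !== "https:") return { status: 400 }; // assumed sanity check
  const list = store.get(session.userId) || [];
  if (!list.some((s) => s.endpoint === sub.endpoint)) list.push(sub);
  store.set(session.userId, list);
  return { status: 201 };
}
```
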