Merge branch 'master' of github.com:mozilla-services/vapid

Author: jrconlin

js/README.md

@@ -5,3 +5,4 @@ and verify VAPID headers.
 
 The index.html file contains a stand-alone generator/verifier.
 
+[live demo](https://web-push-libs.github.io/vapid/js/)

js/index.html

@@ -52,11 +52,6 @@ <h1>VAPID verification</h1>
 <div id="result" class="section">
     <a name="claims"><h2>Claims</h2></a>
     <p>Claims are the information a site uses to identify itself.
-    <div class="row">
-        <label for="aud" title="The full URL to your site."><b>Aud</b>ience:</label>
-        <p>The optional full URL to your site.</p>
-        <input name="aud" placeholder="https://push.example.com">
-    </div>
     <div class="row">
     <label for="sub" ><b>Sub</b>scriber:</label>
     <p>The required administrative email address that can be contacted if there's an issue</p>
@@ -67,6 +62,17 @@ <h1>VAPID verification</h1>
     <p>Time in seconds for this claim to live. (Default/Max: 24 hours from now)</p>
     <input name="exp" id="vapid_exp" placeholder="Time in seconds">
     </div>
+    <p>&nbsp;</p>
+    <p><b><i>Note</i></b>: You can add more claims if you wish.
+    These can include things
+    like, the ID of the originating server (if you have several that may be
+    publishing updates), a proxied customer ID or hash (for privacy reasons,
+    you probably don't want to make this easily determinable), or any other
+    value that may be useful between the Push Server Ops team and yours.
+    Just make the values short so you don't run the risk of the server
+    rejecting a request because the headers are too big.</p>
+    <p>For example:
+    <code>{'ami_id':'e-1248296','cust_id':'a9afd519s919faio3'}</code></p>
     <div class="control">
     <button id="gen">Generate VAPID</button>
     </div>
@@ -124,7 +130,7 @@ <h3>Claims JSON object:</h3>
 }
 
 function success(claims) {
-    for (let n of ["aud", "sub", "exp"]) {
+    for (let n of ["sub", "exp"]) {
         let item = document.getElementsByName(n)[0];
         item.value = claims[n];
         item.classList.add("updated");
@@ -171,15 +177,6 @@ <h3>Claims JSON object:</h3>
         reply[item.name] = item.value;
     }
 
-    // verify aud
-    if (! /^https?:\/\//.test(reply['aud'])) {
-        error(null,
-            `Invalid Audience: Use the full URL of your site e.g. "http://example.com"`);
-        document.getElementsByName("aud")[0].classList.add("err");
-        err = true;
-    } else {
-        document.getElementsByName("aud")[0].classList.remove("err");
-    }
     // verify sub
     if (! /^mailto:.+@.+/.test(reply['sub'])) {
         error(null,
@@ -227,7 +224,9 @@ <h3>Claims JSON object:</h3>
      }
      try {
          let rclaims = document.getElementById("raw_claims");
-         rclaims.innerHTML = JSON.stringify(claims, null, "    ");
+         let sc = JSON.stringify(claims, null, 4);
+         console.debug(sc);
+         rclaims.innerHTML = sc;
          rclaims.classList.add("updated");
          vapid.generate_keys().then(x => {
              vapid.sign(claims)

python/claims.json

@@ -1,4 +1,3 @@
 {
-    "aud": "https://catfacts.example.com",
     "sub": "mailto:[email protected]"
 }

python/py_vapid/main.py

@@ -49,22 +49,28 @@ def main():
 information that describes you. There are three elements in the claims
 file you'll need:
 
-    "aud" This is your site's URL (e.g. "https://example.com")
     "sub" This is your site's admin email address
           (e.g. "mailto:[email protected]")
     "exp" This is the expiration time for the claim in seconds. If you don't
           have one, I'll add one that expires in 24 hours.
 
+You're also welcome to add additional fields to the claims which could be
+helpful for the Push Service operations team to pass along to your operations
+team (e.g. "ami-id": "e-123456", "cust-id": "a3sfa10987"). Remember to keep
+these values short to prevent some servers from rejecting the transaction due
+to overly large headers. See https://jwt.io/introduction/ for details.
+
 For example, a claims.json file could contain:
 
-{"aud": "https://example.com", "sub": "mailto:[email protected]"}
+{"sub": "mailto:[email protected]"}
 """
             exit
         try:
             claims = json.loads(open(claim_file).read())
             result = vapid.sign(claims)
         except Exception, exc:
             print "Crap, something went wrong: %s", repr(exc)
+            raise exc
 
         print "Include the following headers in your request:\n"
         for key, value in result.items():