WebPush 401 Error

Fixed Issue #15893079


ozgur h.
Feb 10, 2018
This issue is public.
Found in
  • Microsoft Edge
Found in build #
Reported by 1 person


Steps to reproduce


We are a push provider company and we send millions of webpush daily. Now we are trying to integrate Edge Webpush (VAPID with payload) (Windows 10 Home Insider Preview Build 17093 rs_prerelease.180202-1400). But when we try to send a webpush to Edge we get the error below (I replaced the token with XXXXX). The code that we use works well for Firefox, Opera, Chrome and Yandex; we only get the error for Edge.

Client error: POST https://db5.notify.windows.com/w/?token=XXXXXXXX resulted in a 401 Unauthorized response

[headers] => Array (
        [Content-Length] => Array([0] => 0)
        [X-WNS-MSG-ID] => Array([0] => 569B50AF600C0B45)
        [X-WNS-DEBUG-TRACE] => Array([0] => DB5SCH101111133)
        [MS-CV] => Array([0] => z2lZNOrTG0y8LH9c1z3EYQ.0)
        [Strict-Transport-Security] => Array([0] => max-age=31536000; includeSubDomains)
        [WWW-Authenticate] => Array([0] => bearer error="invalid_request",error_description="Invalid token")
        [Date] => Array([0] => Sat, 10 Feb 2018 13:08:32 GMT)

So if you need any information, please let me know. I can provide any information you need.



Comments and activity

  • Btw, we use the https://github.com/web-push-libs/web-push-php library to send webpush.

  • Microsoft Edge Team

    Changed Assigned To to “Steven K.”

  • Hi,

    Is there anything that I can provide to help you solve this issue?

  • Hi ozgur,

    I am looking at your issue now. Apologies for the delay.

    In general, I need to be able to reproduce the issue.  In this case, I realize you are using your specific auth token/information.  Can you provide a bit of context for your push service?  The information about the use of the ‘web-push-php’ library is helpful.  I am looking at that now.


  • Hi Steve,

    Here are the steps:
    Install the library with the composer require minishlink/web-push command.
    Here is the PHP code with which you can reproduce the issue:
    use Minishlink\WebPush\WebPush;
    // VAPID credentials of the application server (placeholders)
    $Authentication = Array(
        'VAPID' => Array(
            'subject' => 'mailto:xxxx@example.com',
            'publicKey' => 'VAPIDPUBLICKEY',
            'privateKey' => 'VAPIDPRIVATEKEY'
        )
    );
    // The fourth argument holds HTTP client options; 'verify' => false turns off TLS certificate verification
    $webPush = new WebPush($Authentication, Array(), 20, Array('verify' => false));
    // Values of the browser's push subscription (placeholders)
    $user_endpoint = 'https://db5.notify.windows.com/w/?token=XXXXXXXX';
    $user_publickey = 'XXXXX';
    $user_token = 'YYYYY';
    $payload = '{"n":1,"title":"MSG_TITLE","body":"MSG_BODY","zbid":16515,"icon":"ICON_URL","image":"IMAGE_URL","link":"https://www.microsoft.com/"}';

  • Thank you for the repro info.  That is helpful.

    Do you have the client side repro code?  I do not see where you are subscribing for the push notifications and registering your service worker.



    On the client-side, don’t forget to subscribe with the VAPID public key as the applicationServerKey
  • Ignore the previous post as you clearly had already done the items I mentioned or else you would not have the user’s token, etc.

    I created an example client page to install a service worker and create a push subscription.  I noticed that my endpoint is different than yours.  This might not be an issue but wanted to verify that you are testing with a recent web push subscription.

    This is the endpoint I was given:


    I am still working on reproducing this, however, I wanted to apologize and send a note about the endpoint difference.


  • I would like to verify that notifications from Edge have been enabled in your system settings as well.  I have attached a screenshot.

    Win + I
    Search for ‘app notifications’
    Find Edge and make sure ‘Microsoft Edge’ is set to ‘On’

  • Hi Steve,

    Unfortunately our test device is broken, so we sent the device in and are waiting for a fix.

    It's probably going to take 1-2 months to fix, but if you want to test by yourself you can go to webinstats.com, open the console and type the following command.

    To see the VAPID public key you can look at the wiso._VAPIDPublic value on the console.

    Wait for 2-3 minutes (it takes 2-3 minutes to get the registration on our side), then run the command below:
    You should see the https://wis.webinstats.com/platform/sendnot.php network request. It returns empty if everything is correct, or returns a JSON error message if something is wrong.

    You should see the test notification if everything goes correct.

  • Btw, this page changes string quotes to a different character. You should replace them with quotes.

  • Are you able to try this on the latest insider preview build? Based on your initial instructions (going to webinstats.com and entering console commands), I got an empty response for the sendnot.php request which indicates that it was successful per your notes.

  • Hi,

    My Insider version is 17093 rs_prerelease.180202-1400.

    I can get the subscription info without any problem. When I try to send a notification I get a 401 error. So I checked the log files, and when we try to send a notification to your subscription we also get the same error. When you call sendnot.php you should see a notification, but probably you didn’t see any notification. If you try the same instructions above on Firefox, Chrome or Yandex browser you can see the test notification.

  • Would you be able to repro the issue again and get me more recent response headers, please?

  • I tried reproducing locally using the latest version of web-push-php and the latest Windows Insider preview build. I was able to successfully receive a notification. Here is the code I used:

    use Minishlink\WebPush\WebPush;
    use Minishlink\WebPush\Subscription;

    $Authentication = Array(
        'VAPID' => Array(
            'subject' => 'mailto:xxxx@example.com',
            'publicKey' => 'XXX',
            'privateKey' => 'YYY'
        )
    );
    $webPush = new WebPush($Authentication, Array(), 20, Array('verify' => false));
    $payload = '{"n":1,"title":"MSG_TITLE","body":"MSG_BODY","zbid":16515,"icon":"ICON_URL","image":"IMAGE_URL","link":"https://www.microsoft.com/"}';
    // $endpoint, $publicKey, $authToken and $contentEncoding hold the values of the browser's push subscription
    $webPush->sendNotification(Subscription::create([
            'endpoint' => $endpoint,
            'publicKey' => $publicKey,
            'authToken' => $authToken,
            'contentEncoding' => $contentEncoding
        ]), $payload, false);

    Can you please try this again on the latest version of each to verify if it works for you too?

  • Hi Ali,

    Thanks for following up on the issue. I also created a ticket for the library and they said they fixed this issue in the latest version. I’m going to try the latest webpush library next week, but to be sure, I would like to ask what the value of the $contentEncoding var is. Do both ‘aesgcm’ and ‘aes128gcm’ work?

  • Absolutely, I’m happy to help. Yes, either aesgcm or aes128gcm should work.

  • Microsoft Edge Team

    Changed Status to “Fixed”

  • Thank you for providing us feedback and for filing this bug. This issue has been resolved and so we are closing the bug.

  • Changed Status from “Fixed”

  • Hi Ali,

    Finally I got my laptop and updated to Windows 10 - 1803 (Edge Version: 17.17134). This is the latest Windows version. I updated the WebPush library to 4.0.2 (latest version). I still get the same error. Here is the result. I sent to Opera, Firefox, Chrome and Edge at the same time. The Chrome, Opera and Firefox webpushes were successfully delivered. But for the Edge browser I get the error below (I changed the token to XXXXXX):

           [message] => Client error: `POST https://bl2p.notify.windows.com/w/?token=XXXXXXXXXX` resulted in a `401 Unauthorized` response
            [statusCode] => 401
            [reasonPhrase] => Unauthorized
            [headers] => Array
                    [Content-Length] => Array
                            [0] => 0
                    [X-WNS-MSG-ID] => Array
                            [0] => 3A19C8BC22C7DED8
                    [X-WNS-DEBUG-TRACE] => Array
                            [0] => BL2PEPF0000065B
                    [MS-CV] => Array
                            [0] => i4ObgbnEAkWBb4knI7uPhQ.0
                    [Strict-Transport-Security] => Array
                            [0] => max-age=31536000; includeSubDomains
                    [WWW-Authenticate] => Array
                            [0] => bearer error="invalid_request",error_description="Invalid token"
                    [Date] => Array
                            [0] => Tue, 19 Jun 2018 11:36:19 GMT
  • Hi Ali,

    After some investigation, I solved the problem. You can close the ticket.

    I’m sorry to reopen the issue.

    Many Thanks,

  • Microsoft Edge Team

    Changed Status to “Fixed”

  • Hi Ozgur,

    That is good news.  Curious what the issue was.

    Thanks again for taking the time to submit the issue,


  • All of the browsers give endpoints of around 200 chars, and we set the endpoint field to 300 chars in the DB. But Edge’s endpoints are more than 400 chars, so we saved only the first 300 chars of the endpoint. We altered our endpoint field to varchar(500) and the problem was solved :) So it could be better if you add some information about the maximum endpoint size to the documents. If it’s already in the documents, please ignore my comment :)

    It’s completely our mistake. Sorry again.
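
The root cause reported in the final comment, as an added example (not code from the thread or from web-push-php): a storage guard that rejects an endpoint longer than the column instead of shortening it, and keeps a SHA-256 fingerprint so that a cut-off endpoint is caught before it is sent to the push service. The function names and the `endpoint_sha256` field are assumptions for illustration, and the sample endpoint is constructed.

```php
<?php
declare(strict_types=1);

// Column width from the thread's original schema (later widened to 500).
const ENDPOINT_COLUMN_WIDTH = 300;

/**
 * Validate a push endpoint before it is stored. Returns the row to persist,
 * including a SHA-256 fingerprint of the full endpoint, or throws instead of
 * letting the storage layer shorten the value.
 */
function prepareEndpointRow(string $endpoint, int $columnWidth = ENDPOINT_COLUMN_WIDTH): array
{
    $parts = parse_url($endpoint);
    if ($parts === false || ($parts['scheme'] ?? '') !== 'https' || empty($parts['host'])) {
        throw new InvalidArgumentException('Endpoint is not an https URL');
    }
    if (strlen($endpoint) > $columnWidth) {
        throw new LengthException(sprintf(
            'Endpoint is %d bytes, column holds %d: widen the column, do not truncate',
            strlen($endpoint), $columnWidth
        ));
    }
    return ['endpoint' => $endpoint, 'endpoint_sha256' => hash('sha256', $endpoint)];
}

/** Check a row read back from storage; false means the endpoint was altered or cut. */
function endpointIsIntact(array $row): bool
{
    return hash_equals($row['endpoint_sha256'], hash('sha256', $row['endpoint']));
}

// Constructed sample: a 430-character endpoint shaped like the one in the thread.
$edgeLike = 'https://db5.notify.windows.com/w/?token=' . str_repeat('A', 390);

try {
    prepareEndpointRow($edgeLike);            // 300-character column
} catch (LengthException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

$row = prepareEndpointRow($edgeLike, 500);    // widened column, as in the fix
echo 'intact after store: ', var_export(endpointIsIntact($row), true), PHP_EOL;

// Simulate the original bug: only the first 300 characters were saved.
$row['endpoint'] = substr($row['endpoint'], 0, 300);
echo 'intact after truncation: ', var_export(endpointIsIntact($row), true), PHP_EOL;
```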
