Building with a specified push token for iOS breaks notifications

Please provide the following:

  1. SDK Version: 36.0.0
  2. Platforms(Android/iOS/web/all): iOS

There have been a couple threads on this issue already this year:

Both appear to have timed out and not been resolved.

The issue is if you “expo build:ios” and let expo handle the push token, things work fine. If you generate your own, or download the one expo generated (via expo fetch:ios:certs) and then specify them on a build like this:

${expo_cmd} build:ios --non-interactive --clear-credentials --release-channel "$channel" \
  --dist-p12-path ${IOS_KEY_PATH}/App.p12 --team-id ${IOS_TEAM_ID} \
  --provisioning-profile-path ${IOS_KEY_PATH}/App.mobileprovision \
  --push-id ${IOS_PUSH_NOTIFICATIONS_KEY_ID} --push-p8-path ${IOS_KEY_PATH}/App.p8 \
  --apple-id ${IOS_APPLE_ID}

Then the build succeeds but any attempt to send a push notification to iOS ends up with this error:
“The Apple Push Notification service key for your account could not be loaded, likely due to a malformed p8 file. Expo needs a valid PEM key in order to deliver notifications to APNs.”
This is using the p8 file either directly downloaded from Apple or downloaded from Expo with the fetch command.

The workaround is to do this command:

${expo_cmd} build:ios --non-interactive --clear-credentials --release-channel "$channel" \
  --dist-p12-path ${IOS_KEY_PATH}/App.p12 --team-id ${IOS_TEAM_ID} \
  --provisioning-profile-path ${IOS_KEY_PATH}/App.mobileprovision \
  --apple-id ${IOS_APPLE_ID}

Which leaves everything out about the push notification and ends up generating a new push token every build. Note that you don’t have to deploy the app to the Apple app store etc. This just “fixes” the token with Expo and push notifications start working again.

For context we’re using a CI server to build these (manually triggered) to avoid permission issues.

It seems that the functionality to provide in input p8 file is broken and sounds like what was going on in the other posts.

Recreation seems to be this:

  1. Build and generate all items with expo
  2. Download them all from Expo
  3. Build again specifying all the items will be provided
  4. Try to do a push to the target

Replying to my own post so it doesn’t age out. Anyone out there?

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.

We are experiencing the same exact issue reported by rmason here :frowning:

hi it seems that there is a bug in expo fetch:ios:certs and generated p8 file is additionally base encoded

try decoding content and saving it to file

fix should be published within few days

As an unrelated note,
You should not run this command for every build. if you run it once those credentials are already assigned for this app and are not required.
Especially replacing push notification key is questionable because you are causing few second of downtime for your push notifications, every time you build.


What do you mean by the generated p8 file is additionally base encoded? I just tried to run fetch:ios:certs and compare it directly with the one I generated and downloaded from Apple, the content is exactly the same.

Yet somehow I’m having the same error as rmason when I include the push certs during build. (tried on both from Apple and Expo fetch).

Are we missing something here?

After further investigation, I found that the actual bug was in a bit different place, but it was caused by some problem. different encoding depending on input method

We store most of the files in base encoded form, but push key is an exception and it’s stored as a plain text, but when you specify it as cli param it’s base encoded. It should work when generating it with fastalne and when passing manually in an interactive prompt.