Merge pull request #5990 from VihangaMunasinghe/revert-5963-master

Revert "Update documentation for push provider configuration and build you own push authentication app"

Author: ZiyamSanthosh

en/asgardeo/docs/assets/img/guides/mfa/push/push-default-toggle.png

@@ -1,90 +1,22 @@
-# Configure push provider
+# Configure Push Provider
 
-To use push notification-based authentication, you need to configure at least one push notification provider in {{ product_name }}. {{ product_name }} supports **Firebase Cloud Messaging (FCM)** and **Amazon Simple Notification Service (SNS)** as push notification providers.
+To send push notifications from {{ product_name }}, you need to configure a Push Provider. {{ product_name }} supports **Firebase Cloud Messaging (FCM)** to send push notifications. With FCM, you can send push notifications to multiple platforms, including Android, iOS, and the web.
 
 !!! note
-    You can configure **multiple providers** and keep them active at the same time. During enrollment, the device will send the preferred push provider in the registration request. Once successfully registered, {{product_name}} will send push notifications via the device's registered push provider.
+    Firebase cloud messaging has the capability to send push notification to iOS devices through Apple Push Notification Service (APNs). However, you need to configure APNs separately to send push notifications to iOS devices.
+    For more information, [refer to the Firebase documentation](https://firebase.google.com/docs/cloud-messaging/ios/client).
 
-    You can also mark one provider as the **default push provider**.
-
-The following list shows the platforms that each provider supports.
-
-- **FCM**: Android, iOS (APNs), and web.
-- **Amazon SNS**: Android, iOS (APNs), Amazon Fire OS (ADM), Baidu Cloud Push, Windows Phone (MPNS), and Windows (WNS).
-
-## Configure the push provider
+Follow the below steps to configure FCM as your Push Provider:
 
 1. On the {{ product_name }} Console, go to **Notification Channels** and select **Push Providers**.
 
-      ![Notification channels page]({{base_path}}/assets/img/guides/mfa/push/push-providers-page.png){: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
-
-2. Select the tab for the provider you want to configure and follow the steps in the relevant section below.
+   ![Notification channels page]({{base_path}}/assets/img/guides/mfa/push/push-providers-page.png){: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
 
-### Configure Firebase Cloud Messaging (FCM)
+2. Upload the service-account.json file that you downloaded from Firebase when you created your Firebase project.
 
-1. Select the **Firebase** tab.
-
-2. Upload the `service-account.json` file that you downloaded from Firebase when you created your Firebase project.
-
-      ![Configure Firebase]({{base_path}}/assets/img/guides/mfa/push/push-provider-configure-fcm.png){: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
+   ![Configure Firebase]({{base_path}}/assets/img/guides/mfa/push/push-provider-configure-fcm.png){: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
 
 3. Click **Update** to save your changes.
 
-      ![Update Push Provider]({{base_path}}/assets/img/guides/mfa/push/push-provider-configured-fcm.png){: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
-
-!!! note
-    Firebase Cloud Messaging can send push notifications to iOS devices through Apple Push Notification Service (APNs). However, you need to configure APNs separately to send push notifications to iOS devices. For more information, [refer to the Firebase documentation](https://firebase.google.com/docs/cloud-messaging/ios/client).
-
-### Configure Amazon Simple Notification Service (SNS)
-
-1. In the AWS console, create a platform application for each platform you plan to support (for example, FCM or APNs). For instructions, see [Mobile push notifications](https://docs.aws.amazon.com/sns/latest/dg/sns-mobile-application-as-subscriber.html) in the AWS documentation.
-
-2. Create an IAM user and attach a policy that grants the following permissions. For guidance on creating IAM users and attaching policies, see the [AWS IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html).
-
-    - `sns:CreatePlatformEndpoint` — register devices with SNS
-    - `sns:GetEndpointAttributes` — retrieve device endpoint details
-    - `sns:SetEndpointAttributes` — update device endpoint registrations
-    - `sns:DeleteEndpoint` — unregister devices from SNS
-    - `sns:Publish` — send push notifications to device endpoints
-
-    !!! note
-        IAM users are global by default. If desired, you can limit the scope of these permissions to a specific AWS Region by defining the region in the policy's Resource ARN.
-
-3. Select the **Amazon SNS** tab on the Push Providers page.
-
-      ![Configure Amazon SNS]({{base_path}}/assets/img/guides/mfa/push/push-provider-configure-sns.png){: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
+   ![Update Push Provider]({{base_path}}/assets/img/guides/mfa/push/push-provider-configured-fcm.png){: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
 
-4. Enter the **AWS Access Key ID**, **AWS Secret Access Key**, and **AWS Region** of the IAM user you created.
-
-5. Add the platform application ARN for each platform you created:
-
-    1. Select the platform from the **Select Platform** dropdown.
-    2. Paste the platform application ARN in the text field.
-    3. Click **+ Add**.
-    4. Repeat for each platform.
-
-      ![Configure Amazon SNS Platform ARNs]({{base_path}}/assets/img/guides/mfa/push/push-provider-configure-sns-platforms.png){: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
-
-6. Click **Update** to save your changes.
-
-!!! note
-    Choose an **AWS region** where Amazon SNS is available and geographically close to **your {{ product_name }}** deployment. This reduces latency between {{ product_name }} and Amazon SNS.
-    Because Amazon SNS acts as a push notification hub and the platform, such as FCM or APNs, delivers the final notification to the device, choosing a region close to your user base does not provide a significant latency advantage.
-
-## Configure the default push provider
-
-When a device does not specify a push provider in its registration request, {{ product_name }} registers the device with the default push provider. This is useful for maintaining backward compatibility with older versions of your authenticator application that do not include provider information in the registration payload.
-
-To set a provider as the default:
-
-1. Select the tab of the provider you want to set as the default.
-
-2. Enable the **Default** toggle.
-
-      ![Configure Default Push Provider]({{base_path}}/assets/img/guides/mfa/push/push-default-toggle.png){: width="600" style="display: block; margin: 0; border: 0.3px solid lightgrey;"}
-
-!!! important
-    Amazon SNS requires additional metadata, such as the `platform` field, in the registration request. For more information, see [Build your own push authenticator app]({{base_path}}/references/tutorials/build-your-own-push-authenticator-app/). Therefore, even if Amazon SNS is configured as the default provider, the registration payload must still include the required metadata.
-
-!!! note
-    If you configure **only one provider** and do not explicitly set a default provider, {{ product_name }} uses that provider for legacy registration payloads. In that case, {{ product_name }} registers the device with the configured provider. However, we recommend that you still mark the provider as the default if you need legacy payload support.

en/asgardeo/docs/assets/img/guides/mfa/push/push-provider-configure-sns-platforms.png

@@ -17,6 +17,7 @@ A push authenticator application should have the following capabilities:
 {{product_name}} provides the necessary APIs to build your own push authenticator application. The below given guide explains how to build a push authenticator application using the APIs
 provided by {{product_name}}.
 
+
 ## Register push notification device
 
 For the users to receive push notifications during an authentication flow, they need to register their devices with the {{product_name}}.
@@ -27,10 +28,10 @@ The registration process starts with the user scanning a QR code that contains t
 can be accessed from the MyAccount portal or when push device progressive enrollment is enabled for an authentication flow of an application.
 
 !!! note
-    Learn more about enrolling push notification devices [via My Account](../../guides/user-self-service/register-push-notification-device.md)
+    Learn more about enrolling push notification devices [via My Account](../../guides/user-self-service/register-push-notification-device.md) 
     and [progressive enrollment](../../guides/authentication/mfa/add-push-auth-login.md#enable-push-notification-device-progressive-enrollment).
 
-The content encoded in the QR code is retrieved from the response of the push device registration discovery data API endpoint.
+The content encoded in the QR code is retrieved from the response of the push device registration discovery data API endpoint. 
 This response contains the following information:
 
 <table>
@@ -85,24 +86,25 @@ From above response, information such as the **device ID**, **tenant domain**, *
 
 ### **Step 2**: Generate push authenticator app unique identifier
 
-To send push notifications, {{product_name}} needs a unique identifier for each user's device. This identifier ensures that the notification reaches the correct app instance.
-
-Depending on which push notification service you use, the process for obtaining this identifier varies:
+Push notifications are sent to a unique device of a user during the authentication process. These notifications are sent through different push notification services. 
+These services identify the device using a **unique identifier**. Since, the IAM system triggers the push notification through the 
+push notification service, the device unique identifier should be registered with the IAM system.
 
-- **Firebase Cloud Messaging (FCM)**: Since FCM acts as both the platform and the provider, obtain the **registration token** directly from the FCM SDK within your app. Learn more about [Firebase Cloud Messaging Architecture](https://firebase.google.com/docs/cloud-messaging/fcm-architecture){:target="_blank"}.
-- **Amazon SNS**: Since SNS acts as a delivery hub, it requires a token from the underlying platform push service (such as APNs for iOS or FCM for Android). Register the device with the specific platform first to obtain its native token, which SNS then uses to identify the endpoint. For the list of supported platforms, see [Step 5](#step-5-build-the-provider-object).
+{{product_name}} supports Firebase Cloud Messaging (FCM) to send push notifications. Firebase identifies the devices using a unique identifier called the **registration token**.
+This token will be generated by Firebase and assigned to the specific app instance in the device to uniquely identify it.
 
-Regardless of the service, retrieve this unique token from the app instance and include it in the registration request to {{product_name}} to enable push authentication.
+!!! note
+    Learn more about [Firebase Cloud Messaging Architecture](https://firebase.google.com/docs/cloud-messaging/fcm-architecture){:target="_blank"}.
 
 ### **Step 3**: Generate public and private key pair
 
 Since push notification based authentication leverages asymmetric cryptography to secure the authentication process,
 during the registration process, the device should generate a **public and private key** and securely store the private key on the device.
-The private key is used to sign the authentication response during the authentication process and the public key is used by the IAM system
+The private key is used to sign the authentication response during the authentication process and the public key is used by the IAM system 
 to verify the signed authentication response.
 
-{{product_name}} supports public and private key pairs generated using the **RSA algorithm** with a key size of **2048 bits**.
-In order to send the public key in the registration request, it should be converted to a **PEM format**, **headers and footers should be removed**,
+{{product_name}} supports public and private key pairs generated using the **RSA algorithm** with a key size of **2048 bits**. 
+In order to send the public key in the registration request, it should be converted to a **PEM format**, **headers and footers should be removed**, 
 and the content should be **base64 encoded**.
 
 ### **Step 4**: Generate the signature for registration verification
@@ -118,77 +120,7 @@ send it along with the registration request. The signature should be generated u
 4. Sign the concatenated string using the **RSA private key** that was generated during the registration process. Use **PKCS#1 v1.5 padding** and **SHA-256 hashing** before encryption.
 5. Encode the signature in **base64** format.
 
-### **Step 5**: Build the provider object
-
-The registration request includes a `provider` object that tells {{product_name}} which push notification provider to use for the device. You must construct this object based on the push provider your organization has configured in {{product_name}}.
-
-The `provider` object has the following structure:
-
-```json
-"provider": {
-  "name": "<provider name>",
-  "metadata": {
-    "<metadata key>": "<metadata value>"
-  }
-}
-```
-
-#### Determine the provider name
-
-Set `provider.name` to the name of one of the push notification providers that the administrator has configured in {{product_name}} and that your application intends to use for the device. The supported values are:
-
-- `FCM` — for Firebase Cloud Messaging
-- `AmazonSNS` — for Amazon Simple Notification Service
-
-#### Provider metadata
-
-Each provider has different metadata requirements.
-
-??? "Firebase Cloud Messaging (FCM)"
-    **FCM** does not require any additional metadata. Send an empty object for the `metadata` field.
-
-    ```json
-    "provider": {
-      "name": "FCM",
-      "metadata": {}
-    }
-    ```
-
-??? "Amazon Simple Notification Service (SNS)"
-    **Amazon SNS** requires a `platform` field that identifies the platform application the device registers with. Set `platform` to the value that matches the device's push platform.
-
-    | Device type | `platform` value |
-    |---|---|
-    | Android (Firebase/GCM) | `FCM` |
-    | iOS (APNs) | `APNS` |
-    | Amazon Fire OS | `ADM` |
-    | Windows Phone | `MPNS` |
-    | Windows | `WNS` |
-    | Baidu | `BAIDU` |
-
-    ```json
-    "provider": {
-      "name": "AmazonSNS",
-      "metadata": {
-        "platform": "APNS"
-      }
-    }
-    ```
-
-    !!! note
-        If the platform is `BAIDU`, include an additional `userId` field in `metadata`. This is the user identifier that the Baidu platform assigns to the end user.
-
-        ```json
-        "provider": {
-          "name": "AmazonSNS",
-          "metadata": {
-            "platform": "BAIDU",
-            "userId": "<Baidu user ID>"
-          }
-        }
-        ```
-
-### **Step 6**: Invoke the registration API
+### **Step 5**: Invoke the registration API
 
 As the final step of the registration process, the device should invoke the registration API of the {{product_name}} with the following information:
 
@@ -221,10 +153,6 @@ As the final step of the registration process, the device should invoke the regi
        <td><code>signature</code></td>
        <td>Base64 encoded, hashed and encrypted string value signed by the private key from the registering device (From Step 4).</td>
      </tr>
-     <tr>
-       <td><code>provider</code></td>
-       <td>The object containing the push notification provider details for the device. Includes the provider <code>name</code> and any provider-specific <code>metadata</code> required for device registration (From Step 5).</td>
-     </tr>
 </table>
 
 Based on the registration discovery data response, the push authenticator app should conditionally invoke the relevant
@@ -240,45 +168,18 @@ If response contains the **organization ID**, that means it is an **organization
 
 The below given is a sample request payload to be sent to the registration API.
 
-=== "Sample new request"
-
-    ```json
-    {
-      "deviceId": "<device unique identifier>",
-      "model": "<device model>",
-      "name": "<device name>",
-      "deviceToken": "<device unique identifier token>",
-      "publicKey": "<base64 encoded public key>",
-      "signature": "<base64 encoded signature>",
-      "provider": {
-        "name": "<provider name>",
-        "metadata": {
-          "<metadata key>": "<metadata value>"
-        }
-      }
-    }
-    ```
-
-=== "Sample legacy request"
-
-    ```json
     {
-      "deviceId": "<device unique identifier>",
-      "model": "<device model>",
-      "name": "<device name>",
-      "deviceToken": "<device unique identifier token>",
-      "publicKey": "<base64 encoded public key>",
-      "signature": "<base64 encoded signature>"
+      "deviceId": <device unique identifier>,
+      "model": <device model>,
+      "name": <device name>,
+      "deviceToken": <device unique identifier token>,
+      "publicKey": <base64 encoded public key>,
+      "signature": <base64 encoded signature>
     }
-    ```
-
-    !!! note
-        Although it is still supported with default provider configuration, it is highly recommended to use the new request payload. The main purpose for supporting this payload is to be backward compatible with already existing applications.
-
-        Note that Amazon SNS does not support this payload as it requires additional metadata.
 
 Upon successful registration, the registration request will return a **201 Created** response.
 
+
 ## Receive push notifications
 
 During a push notification based authentication flow, {{product_name}} builds the data required for the authentication and send it as a push notification through
@@ -355,9 +256,10 @@ The data sent through the push notification contains the following information:
 With the above information, the push authenticator app should display the authentication request information to the user.
 The user should be able to approve or deny the authentication request based on the information displayed.
 
+
 ## Invoke the authentication API
 
-The push authentication API endpoint has to be invoked to send an authentication response to the {{product_name}} server from the push authenticator application.
+The push authenticate API endpoint has to be invoked to send an authentication response to the {{product_name}} server from the push authenticator application. 
 With this request, the {{product_name}} server will validate the authentication response and complete the authentication flow.
 
 The authentication from the push authenticator app should be in the form of a JWT token signed with the private key generated during the registration process.