Hey guys,

we are planing the estimates and amount of work needed to bring our APNs API calls to latest and greatest. Besides the HTTP/2 stuff, Apple has some other interesting changes:

* AGPUSH-1482 one certificate for push 

* AGPUSH-1900 Token based authentification

I think this naturally leads to a few questions

- AGPUSH-1482

With this Apple removes the need for different certificates for the different stages (PROD/DEV). But what about backwards compatiblity? We could deprecate the "old" Variant type, and create a new variant, just having one certificate, but still keeping the choice of PROD/DEV, because they still have different APIs to call in, for PROD and DEV. But they just don't worry about the type of the certificate anymore. Implementation wise this means the one cert is applied regardless of the chosen stage. Also, changing the stage in the UI, does NOT require to update the certificate anymore.

- AGPUSH-1900 

Should we just ignore the "one certificate" thing and just do token based auth? Not sure... perhaps some shops are still 'relying' on the certificate based solution. So, the token-based auth could result into a new iOS variant (JWT token flavor'd). The DEV/PROD stage is a thing here as well ;-)

My suggestion is:

* deprecate current iOS type in the UI, and QUICKLY remove it

* add "one certificate style auth" variant for iOS

* add "Token auth" variant for iOS 

What do folks generally feel about this topic?

Greetings,

Matthias