
Show HN: The Provisionator – Apple push notification certificate wizard - gdeglin
https://gamethrive.com/provisionator
======
mbesto
_We log into Apple 's developer panel on your behalf in order to complete some
of the required steps. Your credentials will not be stored._

Yaaaaa.....no. This is extremely dangerous and without knowing anything about
your source code, there is no way in hell I'm putting my credentials in there.
In fact, this is borderline phishing.

~~~
gdeglin
Hi mbesto, author of this tool here. I definitely understand your concern. I
would encourage people to change their password before/after using the tool if
they want to play it safe -- but you do have my word that we don't store the
credentials at all (not in our logs either).

Initially I started working on this to be used just by our customers. After
chatting with other iOS devs, we saw that messing up Push Certificates was
such a common problem that we decided to make it open to everyone.

~~~
Jugurtha
Hey,

I know you are genuinely trying to solve a problem.. But look at the comments:
Three comments with the exact same reaction.

Only Hodor would get to Step 2.

Something similar to OAuth 2.0 would be better.

~~~
gdeglin
Thanks Jugurtha. If Apple supported OAuth login (or anything else really) we'd
definitely use it.

As things are, there's not really much that can be done unfortunately. We do
plan to open source this in the near future however, which should make us seem
a bit more trustworthy at least.

For now I added a note encouraging people to change their password after using
the tool.

Ultimately the solution is probably for Apple to improve the process of
creating certificates. Right now almost all instructions on how to do so
require you to use Keychain Access (So you must be on a Mac), followed by
typing commands into openssl on the command line. There's a lot of room for
error and StackOverflow is filled with people running into problems during the
process, so hopefully this tool saves some people time.

------
Jugurtha
"Step 1: Enter your Apple credentials.."

 _Chuckles, closes tab, returns to Thunderbird to get HN link and write this_.

------
spleeyah
> Step 1: Enter your Apple credentials

Oh my gosh, please nobody use this.

