APN Tokens should be hidden (password field) in the portal?
From what I've read the token in the Apple (APNS) section of the notification hub should be the contents of the p8 private key file.
I pasted this in and it is working fine however the full private key is there in plain text for anyone to see.
Did i use the wrong key / token here or should this be somehow hidden to stop someone copying it and then using it elsewhere?
You are correct, anyone with access to the notification hub can view the notification credentials for all notification providers. This is how the underlying API is built and while we could use a password field to hide the value in the UI, the value is still available in the browser. Additionally, it is common for customers to have trouble inputting these values and it’s important for them to be able to verify the value when troubleshooting. It’s important to control access to your notification hubs to prevent unauthorized users from accessing the stored credentials.”
From our side, we are planning to refresh this UI and we could consider hiding by default with a checkbox to show the value. Technically it’s not secure, but at least hides the value from casual access.