基于Apple推送通知令牌的身份验证是使用提供程序证书连接到APN的替代方法。提供者API支持JSON Web Token（或JWT），一种开放标准，用于将身份验证声明与推送消息一起传递给APN。

要生成提供者令牌，请获取用于签署
令牌的私钥，如创建通用提供程序令牌App
分发指南中所述。您应该使用包含10个字符的密钥ID（kid）的标头
构造一个标记。令牌声明部分
包含Issuer（iss），它是一个10个字符的团队ID。您的团队ID
和密钥ID值可以从您的开发者帐户中获取。
索赔还应包含Issued At（iat），这是生成令牌时UTC中Epoch的
秒数。令牌必须使用P-256曲线和SHA-256哈希算法（ES256）使用椭圆曲线数字签名算法（ECDSA）
签名
，
指定为算法密钥（alg）。

To generate a provider token, obtain a private key for signing the token as described in Creating a Universal Provider Tokenin App Distribution Guide. You should construct a token with header containing a 10 character Key ID (kid). The token claims portion contains Issuer (iss) which is a 10 character Team ID. Your Team ID and Key ID values can be obtained from your developer account. The claims shall also contain Issued At (iat) which is the number of seconds from Epoch in UTC when the token was generated. The token must be signed with the Elliptic Curve Digital Signature Algorithm (ECDSA) using the P-256 curve and the SHA-256 hash algorithm (ES256), specified as a value in the algorithm key (alg).

{
    "alg": "ES256",
    "kid": "ABC123DEFG"
}
{
    "iss": "DEF123GHIJ",
    "iat": 1437179036
 }

有关生成签名JSON Web令牌的可用库列表的其他信息，请参阅 https://jwt.io

For additional information along with list of available libraries for generating signed JSON web tokens, refer to https://jwt.io

这是一个快速的库来签署你的JSON Web令牌（或JWT）： kylef / JSONWebToken.swift

This is a swift library to sign your JSON Web Token (or JWT) : kylef/JSONWebToken.swift

注意：APN仅支持
支持使用ES256算法签名的提供者令牌。使用其他算法签名的无担保JWT或JWT将被拒绝，并且响应表明无效的提供者令牌。

Note: Only providers tokens signed with ES256 algorithm are supported by APNs. Unsecured JWT or JWT signed with other algorithms will be rejected with a response indicating an Invalid Provider Token.

消息： APPLE：提供商身份验证令牌

WWDC 2016 - 会话724：基于令牌身份验证

WWDC 2016 - Session 724 : Token Based Authentication

PS：

最大的区别在于The Key Way不会过期，证书将在一年后过期。