Настройка работы с push уведомлениями через Firebase в мобильном приложении Apache Cordova

if (isset($arUser['UF_PUSH_DEVICE_TOKENS']) && count($arUser['UF_PUSH_DEVICE_TOKENS']) > 0) {

    // Получение Oauth токена ===================
    $serviceAccountFile = '{
                      "type": "service_account",
                      "project_id": "ID ПРИЛОЖЕНИЯ В FIREBASE",
                      "private_key_id": "000ab**********942c",
                      "private_key": "-----BEGIN PRIVATE KEY-----\nMIIE***xQoFiug=\n-----END PRIVATE KEY-----\n",
                      "client_email": "firebase-adminsdk-cnzfe@**********.com",
                      "client_id": "1001***8621",
                      "auth_uri": "https://accounts.google.com/o/oauth2/auth",
                      "token_uri": "https://oauth2.googleapis.com/token",
                      "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
                      "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/firebase-adminsdk-cnzfe%40ID ПРИЛОЖЕНИЯ.iam.gserviceaccount.com",
                      "universe_domain": "googleapis.com"
                    }';
    function base64UrlEncode($text)
    {
        return str_replace(
            ['+', '/', '='],
            ['-', '_', ''],
            base64_encode($text)
        );
    }

    $authConfig = json_decode($serviceAccountFile);
    $secret = openssl_get_privatekey($authConfig->private_key);
    $header = json_encode([
        'typ' => 'JWT',
        'alg' => 'RS256'
    ]);
    $time = time();
    $start = $time - 60;
    $end = $time + 3600;
    $payload = json_encode([
        "iss" => $authConfig->client_email,
        "scope" => "https://www.googleapis.com/auth/firebase.messaging",
        "aud" => "https://oauth2.googleapis.com/token",
        "exp" => $end,
        "iat" => $start
    ]);
    $base64UrlHeader = base64UrlEncode($header);
    $base64UrlPayload = base64UrlEncode($payload);
    $result = openssl_sign($base64UrlHeader . "." . $base64UrlPayload, $signature, $secret, OPENSSL_ALGO_SHA256);
    $base64UrlSignature = base64UrlEncode($signature);
    $jwt = $base64UrlHeader . "." . $base64UrlPayload . "." . $base64UrlSignature;
    $options = array('http' => array(
        'method' => 'POST',
        'content' => 'grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=' . $jwt,
        'header' =>
            "Content-Type: application/x-www-form-urlencoded"
    ));
    $context = stream_context_create($options);
    $responseText = file_get_contents("https://oauth2.googleapis.com/token", false, $context);
    $response = json_decode($responseText, true);
    // Получение Oauth токена ==============================


    $url = "https://fcm.googleapis.com/v1/projects/ID ПРИЛОЖЕНИЯ В FIREBASE/messages:send";

    $headers = [
        'Authorization: Bearer ' . $response['access_token'],
        'Content-Type: application/json',
    ];

    foreach ($arUser['UF_PUSH_DEVICE_TOKENS'] as $DEVICE_TOKEN) {
        $notification = [
            'message' => [
                'token' => $DEVICE_TOKEN,
                'notification' => [
                    'title' => 'Новый заказ',
                    'body' => '"Новый заказ N' . $arResult["ORDER"]['ID'],
                ],
            ],
        ];

        $ch = curl_init();

        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($notification));

        $response = curl_exec($ch);

        if ($response === false) {
            // echo 'Error sending push notification: ' . curl_error($ch);
        } else {
            // echo 'Push notification sent successfully: ' . $response;
        }

        curl_close($ch);
    }
}

     /**
     * Запрос токена авторизации с посощью CURL
     * 
     *  Получения json файла приватного ключа. Firebase console - открыть проект - project settings - вкладка service accounts - кнопка generate new private key
     *
     * @param string $PrivateKey - параметр private_key из json файла
     * @param string $AccountName - параметр client_email из json файла
     * @param int|null $AccessTokenMaximumExpirationTime - Время действия токена. Допустимо значение от 1сек до 3600 сек. По умолчанию 3600 сек. (1 час)
     * @param int|null $RequestTimeout - устанавливет CURLOPT_CONNECTTIMEOUT и CURLOPT_TIMEOUT
     * @return string - токен  или пустая строка
     * @throws \Exception
     */
    function RequestAccessToken(string $PrivateKey, string $AccountName, ?int $AccessTokenMaximumExpirationTime = 3600, ?int $RequestTimeout = 10): string{
        if($PrivateKey != '' and $AccountName != ''){
            $StartTime = time();
            
            $Header = json_encode([
                'alg' => 'RS256',
                'typ' => 'JWT'
            ]);

            if(!isset($RequestTimeout) or $RequestTimeout < 0) $RequestTimeout = 10

            if(!isset($AccessTokenMaximumExpirationTime) or $AccessTokenMaximumExpirationTime <= 0 or $AccessTokenMaximumExpirationTime > 3600){
               $AccessTokenMaximumExpirationTime = 3600;
            }

            $AccessTokenExpirationEndTime = $StartTime + $AccessTokenMaximumExpirationTime;
            
            $Aud = 'https://oauth2.googleapis.com/token';
            
            $Data = json_encode([
                'iss' => $AccountName,
                'scope' => 'https://www.googleapis.com/auth/firebase.messaging',
                'aud' => $Aud,
                'exp' => $AccessTokenExpirationEndTime,
                'iat' => $StartTime
            ]);
            
            $Base64UrlHeader = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($Header));
            $Base64UrlData = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($Data));
            
            $Signature = '';
            
            $PrivateKey = openssl_get_privatekey($PrivateKey);
            
            openssl_sign("{$Base64UrlHeader}.{$Base64UrlData}", $Signature, $PrivateKey, OPENSSL_ALGO_SHA256);
            
            $Base64UrlSignature = str_replace(['+', '/', '='], ['-', '_', ''], base64_encode($Signature));
            
            $JWT = "{$Base64UrlHeader}.{$Base64UrlData}.{$Base64UrlSignature}";
            
            $PostFields = [
                'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
                'assertion' => $JWT
            ];
            
            $Ch = curl_init($Aud);
            curl_setopt($Ch, CURLOPT_CONNECTTIMEOUT, $RequestTimeout);
            curl_setopt($Ch, CURLOPT_TIMEOUT, $RequestTimeout);
            curl_setopt($Ch, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($Ch, CURLOPT_POSTFIELDS, $PostFields);

            $Result = curl_exec($Ch);
            
            $Errno = 0;
            $Error = '';
            
            if($Result === false){
                $Errno = curl_errno($Ch);
                $Error = curl_error($Ch);
            }
            
            curl_close($Ch);
            
            if($Errno > 0 and $Error != ''){
                throw new \Exception($Error, $Errno);

            }else{
                if($Result !== false){
                    $Result = @json_decode($Result, true);

                    if(is_array($Result)){
                        if(isset($Result['access_token'])){
                            return trim($Result['access_token']);

                        }else if(isset($Result['error'])){
                            throw new \Exception($Result['error']['message'], $Result['error']['code']);

                        }
                    }
                }
            }
        }else{
            if($PrivateKey == ''){
                throw new \Exception('Не указан закрытый ключ.', 110);
            }

            if($AccountName == ''){
                throw new \Exception('Не указано имя учетной записи.', 110);
            }
        }
        
        return '';
    }