send_fcm.sh

#!/bin/bash
# send_fcm.sh
# Usage: ./send_fcm.sh "
# This is just some sort of conversion of this page:
# https://tasker.joaoapps.com/tests/remote%20task%20execution%20example.html made by João Dias the owner of Tasker.

SERVICE_ACCOUNT_FILE="PUT YOUR FILE PATH HERE"
GOOGLE_SERVICES_FILE="PUT YOUR FILE PATH HERE"
DEVICE_TOKEN="THE TOKEN FOR THE REMOTE DEVICE"
TEXT_TO_SHOW="Hi, this is just a test."

# Check if required commands are available: jq, openssl, curl
for cmd in jq openssl curl; do
    if ! command -v "$cmd" &> /dev/null; then
        echo "Error: $cmd is required but not installed."
        exit 1
    fi
done

# Extract required fields from the service account file
CLIENT_EMAIL=$(jq -r '.client_email' "$SERVICE_ACCOUNT_FILE")
PRIVATE_KEY=$(jq -r '.private_key' "$SERVICE_ACCOUNT_FILE")
if [ -z "$CLIENT_EMAIL" ] || [ -z "$PRIVATE_KEY" ]; then
    echo "Error: Could not extract client_email or private_key from $SERVICE_ACCOUNT_FILE"
    exit 1
fi

# Extract project ID from the google services file
PROJECT_ID=$(jq -r '.project_info.project_id' "$GOOGLE_SERVICES_FILE")
if [ -z "$PROJECT_ID" ]; then
    echo "Error: Could not extract project_id from $GOOGLE_SERVICES_FILE"
    exit 1
fi

# Function for Base64 URL-safe encoding (no padding, '+' -> '-', '/' -> '_')
base64url_encode() {
    openssl base64 -e -A | tr '+/' '-_' | tr -d '='
}

# Generate JWT Header and Payload
header='{"alg":"RS256","typ":"JWT"}'
iat=$(date +%s)
exp=$((iat + 3600))
scope="https://www.googleapis.com/auth/firebase.messaging"
aud="https://oauth2.googleapis.com/token"

payload=$(jq -n \
    --arg iss "$CLIENT_EMAIL" \
    --arg scope "$scope" \
    --arg aud "$aud" \
    --argjson iat "$iat" \
    --argjson exp "$exp" \
    '{iss: $iss, scope: $scope, aud: $aud, iat: $iat, exp: $exp}')

# Base64url encode header and payload
header_enc=$(echo -n "$header" | base64url_encode)
payload_enc=$(echo -n "$payload" | base64url_encode)
jwt_unsigned="${header_enc}.${payload_enc}"

# Write the private key to a temporary file
temp_key=$(mktemp)
# Replace literal "\n" sequences with actual newlines
printf '%b' "$PRIVATE_KEY" > "$temp_key"

# Sign the JWT using the RS256 algorithm
signature=$(echo -n "$jwt_unsigned" | openssl dgst -sha256 -sign "$temp_key" | base64url_encode)
rm "$temp_key"

# Construct the final JWT
JWT="${jwt_unsigned}.${signature}"
echo "Generated JWT."

# Request an access token using the JWT
response=$(curl -s -X POST https://oauth2.googleapis.com/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=${JWT}")

access_token=$(echo "$response" | jq -r '.access_token')
if [ "$access_token" == "null" ] || [ -z "$access_token" ]; then
    echo "Error fetching access token: $response"
    exit 1
fi
echo "Obtained access token."

# Construct the FCM message payload
fcm_url="https://fcm.googleapis.com/v1/projects/${PROJECT_ID}/messages:send"
message_payload=$(jq -n \
    --arg deviceToken "$DEVICE_TOKEN" \
    --arg text "$TEXT_TO_SHOW" \
    '{
        validate_only: false,
        message: {
            token: $deviceToken,
            android: { priority: "high" },
            data: {
                task: "Show Toast",
                "%text": $text
            }
        }
    }')

# Send the FCM message
fcm_response=$(curl -s -X POST "$fcm_url" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer ${access_token}" \
  -d "$message_payload")

echo "FCM Response:"
echo "$fcm_response"

This script is just a conversion of this page: https://tasker.joaoapps.com/tests/remote%20task%20execution%20example.html
That was made by João Dias the owner of Tasker so all credits go to him.