[MEN-3420] Invalidate server device token if tenant token changes in mender.conf - Northern.tech AS

XML

Word

Printable

Details

Type: Task
Status: Done
Priority: (None)
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Labels:
- Client
- Part

Story Points:
5
Backlog:
yes
Days in progress:
0

Description

The following scenario was discovered while switching a device between two tenants:

1. Mender server tenant token is configured in mender.conf
2. Mender client is started
3. Device gets authorized on the server and gets a valid device token (cached in DB on device)
4. Mender client is stopped
5. Mender server tenant token is changed in mender.conf
6. Mender client is started
7. Mender client detects a valid device token in DB and will use that, and hence not respect the changes done to the tenant token in mender.conf

Mender client will only renew the device token if it expires (7 days) or if the device is decommissioned on the server (gets a reject from the server).

Acceptance criteria:

Device stores tenant token and server URL together with JWT token in database.
When using the JWT, client must check that both of the currently configured tenant token and server URL values match what is stored for the JWT.
If either value is different, client must discard the JWT and request a new one.

Attachments

Activity

People

Assignee:: Ole Petter Orhagen

Reporter:: Mirza Krak

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 15/Apr/20 4:04 PM

Updated:: 07/Sep/21 8:12 AM

Resolved:: 07/Sep/21 8:12 AM