Uploaded image for project: 'Mender'
  1. Mender
  2. MEN-3420

Invalidate server device token if tenant token changes in mender.conf



    • Type: Task
    • Status: Done
    • Priority: (None)
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
    • Days in progress:


      The following scenario was discovered while switching a device between two tenants:

      1. Mender server tenant token is configured in mender.conf
      2. Mender client is started
      3. Device gets authorized on the server and gets a valid device token (cached in DB on device)
      4. Mender client is stopped
      5. Mender server tenant token is changed in mender.conf
      6. Mender client is started
      7. Mender client detects a valid device token in DB and will use that, and hence not respect the changes done to the tenant token in mender.conf

      Mender client will only renew the device token if it expires (7 days) or if the device is decommissioned on the server (gets a reject from the server).

      Acceptance criteria:

      • Device stores tenant token and server URL together with JWT token in database.
      • When using the JWT, client must check that both of the currently configured tenant token and server URL values match what is stored for the JWT.
      • If either value is different, client must discard the JWT and request a new one.




            • Assignee:
              oleorhagen Ole Petter Orhagen
              mirzak Mirza Krak
            • Votes:
              0 Vote for this issue
              5 Start watching this issue


              • Created:

                Zendesk Support