Uploaded image for project: 'Mender'
  1. Mender
  2. MEN-3420

Invalidate server device token if tenant token changes in mender.conf

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Open
    • Priority: (None)
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
    • Days in progress:
      0

      Description

      The following scenarion was discovered while switching a device between two tenants:

      1. Mender server tenant token is configured in mender.conf
      2. Mender client is started
      3. Device gets authorized on the server and gets a valid device token (cached in DB on device)
      4. Mender client is stopped
      5. Mender server tenant token is changed in mender.conf
      6. Mender client is started
      7. Mender client detects a valid device token in DB and will use that, and hence not respect the changes done to the tenant token in mender.conf

      Mender client will only renew the device token if it expires (7 days) or if the device is decommissioned on the server (gets a reject from the server).

      Acceptance criteria:

      • Device stores tenant token and server URL together with JWT token in database.
      • When using the JWT, client must check that both of the currently configured tenant token and server URL values match what is stored for the JWT.
      • If either value is different, client must discard the JWT and request a new one.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              mirzak Mirza Krak
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:

                Summary Panel