search

IoT-Makers / sigfox-platform

Open Source platform to display and parse Sigfox messages in real time with Sigfox, GPS, WiFi & beacon geolocalisation
GNU Affero General Public License v3.0
45 stars 32 forks source link

API key suddenly stopped working #9

Open ghost opened 5 years ago

ghost commented 5 years ago

Describe the bug We had a test running on https://try.iotagency.sigfox.com but it had stopped reporting on the 22nd of January. (The first message that got the 401 arrived at 2019-01-22 10:37:40)

On the SigFox backend we got a 401 message:

[ERROR] - Base station 3849 - 1 second 401 - Unauthorized - #1 POST https://api.try.iotagency.sigfox.com/api/Messages/sigfox HTTP/1.0 authorization : <was valid, redacted for obvious reasons> content-length : 180 accept-encoding : gzip,deflate accept-language : fr host : api.try.iotagency.sigfox.com user-agent : SIGFOX accept-charset : UTF-8;q=0.9,*;q=0.7 content-type : application/json

{ "deviceId": "20AEAB", "time": 1548682015, "seqNumber": 9, "data": "101207480000000100000001", "reception": [{ "id": "3849", "RSSI": -118.00, "SNR": 18.11 }], "duplicate": false }

The authorization key was however correct. I generated a new authorization key and inserted this one in the SigFox backend, and the 401 messages disappeared. The device is now reporting again.

Expected behavior The key should have continued to work as it had already been running for a couple of days.

adechassey commented 5 years ago

Hello Giovanni, This is quite strange as the error has already been seen some time ago. I will keep track of this issue but a new way of managing the developer access tokens has to be implemented in the future anyway. @siyu6974 will have a look at this this week if he can. I know the Sigfox Backend can also be buggy, do not hesitate to validate twice when updating the callbacks...

ghost commented 5 years ago

Hello Antoine,

Just to clarify, we did not do any changes at the time. The callback was set up somewhere at the end of december and had been running fine up until Jan. 22. It was only today when I noticed the demo was not working anymore on the dashboard page that I needed to update the callback with a new API key.

Kind regards, Giovanni.

adechassey commented 5 years ago

Hello Giovanni,

Coming back to this issue, I just figured the tokens where automatically deleted when a user changes his password. This is a default security functionality implemented by Loopback (the backend framework used). When I have some time, I will isolate developer access tokens to another collection, preventing this to happen. I'll let the issue open until I implement the fix.

Best regards, Antoine

Vandewaetere commented 4 years ago

Hi Antoine,

I just noticed that again the tokens got deleted recently (so our devices stopped reporting because of an authorization error). I see that there has been some activity on this repository again. Was our auth. key deleted due to an update? This time I am sure I did not change the password.

In the future can we expect this to happen again?

Kind regards, Giovanni.

adechassey commented 4 years ago

Hi Giovanni,

Nothing must have been deleted. The only possible error I see might be a change in the callbacks on the Sigfox Backend..

Best, Antoine