search

thin-edge / thin-edge.io

The open edge framework for lightweight IoT devices
https://thin-edge.io
Apache License 2.0
219 stars 54 forks source link

The mapper must not forward expired JWT tokens to the agent #2175

Closed didier-wenzek closed 1 year ago

didier-wenzek commented 1 year ago

The Cumulocity mapper caches JWT tokens and refreshes them only on 401 authentication errors. This leads to an issue when these cached tokens are forwarded to the agent. The latter has currently no way to request a fresh token. The impacts are that all software update operations will fail till another operation triggers a token refresh.

The point here is to have a quick fix: the jwt token forwarded by the mapper to the agent must be a fresh token.

The main design issue (i.e. the mapper sending a JWT token to the agent with no way for the later to request a fresh one) will be fix independently.

PradeepKiruvale commented 1 year ago

The issue is addressed temporarily in this PR https://github.com/thin-edge/thin-edge.io/pull/2178. This is just a workaround. The real problem will be fixed in this ticket https://github.com/thin-edge/thin-edge.io/issues/2174