All services require a new token format (completed)

Completed: All services require a new token format

This is a cross-post of an incident on our Packet Broker status page.
It will be updated automatically.

Scheduled: Thu, 02 Dec 2021 11:00:00 +0100 until 12:00:00 +0100

Resolved: Fri, 03 Dec 2021 09:50:29 +0100

Affected Components


Scheduled

Posted: Sat, 02 Oct 2021 21:00:46 +0200

All Packet Broker services will be requiring a new OAuth 2.0 token format presented by the client. The new token format includes an audience that needs to match the host name of the service.

Services using Packet Broker, including The Things Stack from version 3.15.2, will support this.

The Things Stack Cloud and The Things Stack Community Edition will be upgraded end of October according to schedule.

We advise customers using The Things Stack Enterprise and Open Source in combination with Packet Broker to upgrade to 3.15.2 shortly after its release.

This maintenance is not a security fix, but rather a preparation to use Packet Broker tokens more widely in third-party services. Including an audience in the security token allows services to verify that the token is intended for that service, and avoids third-party services to use the received token on other services. See RFC 7519 - JSON Web Token (JWT) for more information.

In Progress

Posted: Fri, 03 Dec 2021 09:50:08 +0100

We are currently updating Packet Broker infrastructure to require the OAuth 2.0 token audience.

Completed

Posted: Fri, 03 Dec 2021 09:50:29 +0100

The scheduled maintenance has been completed.

@htdvisser / @johan, is there a less technical version of the above available please

Ah, I wasn’t aware this gets synced straight here. This isn’t relevant for the forums here.

OK, I’ve archived this one too:

The incident on our status page was just updated with new information. The first post in this topic has been updated accordingly.