Unable to provide callback URL

Hi everyone,
We develop an application for our customers. Our customers' rules are very strict: it is NOT possible to expose anything, even a web service to provide an OAuth callback. So my question is: does TTN provide a mechanism to obtain a bearer token without a callback URL? What can we do, for example, if we want a bearer token for an Android application? FYI, we need a bearer token to manage gateways and devices.

BR

Having individual Android applications authenticate to manage gateways & devices feels like a design waiting for a disaster. And presumably not restricted by the customer not allowing you to expose anything.

Overall, I’d look at using an internet server that acts as a proxy - your customer's network interacts with the server and the server does what’s needed.

Hello, thank you for your prompt response. The example of an Android application was taken to explain my idea. This is not the final goal. But I am disappointed that TTN never thinks about people or B2B systems acting behind a firewall with very strict rules and that nothing is proposed to bypass the OAuth mechanism or at least another less constraining system.
I would be surprised if no one else had this problem.

Never thinks? Never? How could they possibly be all things to all people?

You could take it up with TTI - the commercial part of TTN - I’m sure they’d be happy to consult with you.

As for me, I don’t use TTN commercially, but I do have a server to act as a proxy to resolve such issues. A solution you seem to have dismissed.

PS, most of us here are LoRaWAN enthusiasts, not members of staff.

If you know of a link to this type of utility that TTN offers, I’m interested :-).

More seriously, I work in industry and closed networks are very common for security reasons. That’s why I think that I shouldn’t be the only one and that maybe there are elements already ready to be used.

Thanks for your time.

What are you trying to create? If connecting through a single user account is sufficient you could look into using ttnctl, it requires authentication once (manual) and can re-use the token obtained for subsequent requests.

As do I and yes they are. Hence the use of a proxy for TTN (PHP based) as I don’t expect a free service for community use to provide any & every access point. But as @kersing suggests, shelling out to ttnctl is a good option as well, if not easier as you don’t have to go back & forth with OAuth.

I hadn’t thought of this solution, but yes, it’s a very good idea. Thank you for your answer. I will try this solution.

Yes I understand but the idea was to reuse what others have already done. Not out of laziness but rather in the sense of using proven elements, as proposed by open source frameworks (to which I sometimes contribute).
Thanks for your time and responses.

Note there’s a difference between using the code in your own instance, and using TTN’s running instance.

There are obviously positives to using the shared community infrastructure, particularly the shared fleet of gateways. At the same time, your client sounds like they may have requirements which the community network may be unable to meet, well beyond the one you’ve currently mentioned.

But yes, if their concern is specific to exposing their infrastructure and not the (non-) reliability or post-decryption secrecy of this particular data feed, then something in between could potentially work.

So I’ve done a login with an access code and obtained some information about devices with ttncli, that’s great.
But it seems that the login is limited to 1h (a JSON file is written into the folder .ttncli and contains access_token, token_type, refresh_token, expiry).
Maybe I’m wrong, but it seems that ttncli doesn’t use the refresh token to obtain a new one.
Is there a solution to “force” a token refresh from ttncli? I read the documentation but found nothing about that.

My bad, the refresh seems to work, but how long is the refresh token valid for?

For at least a year in my experience.

2 Likes
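
Added example, not part of any post in this thread and not code from TTN or ttnctl: the thread ends with a long-lived refresh token cached in a JSON file, so this script checks such a file's permissions and its access-token expiry. The file path, the RFC 3339 format of `expiry` and the function names are assumptions; the sample tokens are constructed placeholders.

```python
import json
import os
import re
import stat
import tempfile
from datetime import datetime, timezone

FIELDS = ("access_token", "token_type", "refresh_token", "expiry")  # as listed in the thread

def parse_expiry(value):
    """Parse an RFC 3339 timestamp (assumed format), tolerating 'Z' and nanoseconds."""
    value = value.strip().replace("Z", "+00:00")
    # Older Python versions accept only 3 or 6 fractional digits: normalise to 6.
    value = re.sub(r"\.(\d+)", lambda m: "." + m.group(1)[:6].ljust(6, "0"), value)
    parsed = datetime.fromisoformat(value)
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def audit_token_cache(path, now=None):
    """Return a list of findings for a cached OAuth token file."""
    now = now or datetime.now(timezone.utc)
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:o} lets group/others access the tokens")
    with open(path, encoding="utf-8") as fh:
        token = json.load(fh)
    for key in FIELDS:
        if not token.get(key):
            findings.append(f"missing field: {key}")
    if token.get("expiry") and parse_expiry(token["expiry"]) <= now:
        findings.append("access token expired; next call depends on refresh_token")
    return findings

def write_sample(path, expiry, mode):
    """Write a constructed token file (placeholder values, not real tokens)."""
    sample = {"access_token": "PLACEHOLDER_ACCESS", "token_type": "bearer",
              "refresh_token": "PLACEHOLDER_REFRESH", "expiry": expiry}
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(sample, fh)
    os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "token.json")
        write_sample(path, "2020-01-01T00:00:00.123456789Z", 0o644)
        for finding in audit_token_cache(path):
            print("FINDING:", finding)
```

Because the refresh token outlives the one-hour access token by a wide margin, the permission finding is the one to act on first: restrict the file to the account that runs the tool.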