Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Smoothen root key provisioning and device claiming #3770

Closed
johanstokking opened this issue Feb 9, 2021 · 4 comments
Closed

Smoothen root key provisioning and device claiming #3770

johanstokking opened this issue Feb 9, 2021 · 4 comments
Assignees
@johanstokking
Labels
c/console This is related to the Console documentation This involves writing user documentation in progress We're working on it needs/discussion We need to discuss this needs/ux This needs UX design / approval size/large Bigger than you think ui/web This is related to a web interface umbrella This issue needs actionable issues referenced
Milestone
v3.16.0

Comments

@johanstokking
Copy link
Member

johanstokking commented Feb 9, 2021
edited
Loading

Summary

Smoothen the provisioning of root keys when creating new devices, and claiming end devices. This should be combined in one flow that covers 99% of the use cases.

Replaces #2777
Replaces https://github.com/TheThingsIndustries/lorawan-stack/issues/2250
References https://github.com/TheThingsIndustries/lorawan-stack/issues/2345

Why do we need this?

For users, creating and claiming end devices can be confusing. The goal is often the same: onboarding new end devices.

I'd like to cover the following cases:

Where are the keys What to enter What mechanism to use Where does it go JoinEUI
[1] Exposed to the user Root keys Creation Cluster-local Join Server Cluster-local JoinEUI
[2] Exposed to the user Root keys Creation * The Things Join Server 70B3D57ED0000000/36
[3] The Things Join Server Claim authentication code Claiming ** / *** N/A 70B3D57ED0000000/36
[4] Cluster-local Join Server Claim authentication code Claiming *** N/A Any
[5] Semtech Join Server PIN Claiming *** N/A 58A0CB0000000000/24

* this should be configured via config, and should be based on a JoinEUI
** which claiming mechanism should be used is configurable but that is out of scope of this issue. References https://github.com/TheThingsIndustries/lorawan-stack/issues/2347
*** scanning a QR code can also work

What is already there? What do you see now?

Currently, there's a checkbox "External Join Server". Checking this assumes that the device is already claimed on the external JS, but it's not clear that this step is necessary. With that disabled, only use case 1 is supported.

What is missing? What do you want to see?

Support all the provisioning and claim flows above.

How do you propose to implement this?

I think we need a combination of:

  1. Front-end configuration of whether it is possible to create a device on The Things Join Server (use case 2). Generally speaking, we probably want a dropdown list of JoinEUI ranges that map to a Join Server address that is in the same realm as the cluster. That is, as The Things Join Server is part of The Things Stack Cloud, authentication from The Things Network does not work, but from The Things Stack Cloud does work
  2. Configuration in the implementation of the End Device Claiming Server to either claim end devices directly, or only configure the NetID and NSID. The latter would need to go via different interfaces: The Things Stack Join Server needs to expose a "claim API". The Semtech Join Server already exposes such an API: https://www.loracloud.com/documentation/join_service?url=appo_api.html#claim-devices
  3. We should make this really easy for the user. When we have the JoinEUI (by selecting from a dropdown, entering a custom one or scanning a QR code), we can already narrow the options. If the JoinEUI indicates a Join Server (use case 2, 3, 4 and 5), the next question is what the user has: the root key (use case 2) or a claim authentication code (potentially in the QR code, use cases 3, 4 and 5). In the latter case, the use case is defined by the JoinEUI.
  4. Authentication mechanism between components. We probably want to figure out a way to get rid of TLS mutual authentication for The Things Join Server. Can we use API keys?
  5. Documentation to use The Things Join Server using LoRaWAN Backend Interfaces

Thoughts?

How do you propose to test this?

Lots of testing

Can you do this yourself and submit a Pull Request?

Can test
@johanstokking johanstokking added c/console This is related to the Console needs/discussion We need to discuss this umbrella This issue needs actionable issues referenced ui/web This is related to a web interface labels Feb 9, 2021
@johanstokking johanstokking added this to the March 2021 milestone Feb 9, 2021
@johanstokking johanstokking mentioned this issue Feb 9, 2021
Closed
@johanstokking johanstokking modified the milestones: March 2021, v3.12.0 Mar 1, 2021
@johanstokking
Copy link
Member Author

@htdvisser @kschiffer @bafonins please provide thoughts so we can finalize the implementation plan and land it in 3.12.

@bafonins bafonins mentioned this issue Mar 2, 2021
Closed
@htdvisser
Copy link
Contributor

This looks like quite a big and complicated feature, and I doubt that we'll be able to finish the UX design and implementation for v3.12.0.

Perhaps you (@johanstokking) should first work with @kschiffer on the UX design, so that it's more clear what exactly we're building. After that I think we should tackle the different provisioning flows one-by-one.

Other than that, I don't have much to say about this.

@johanstokking johanstokking modified the milestones: v3.12.0, 2021 Q2 Mar 14, 2021
@johanstokking johanstokking mentioned this issue Mar 16, 2021
Closed
@kschiffer kschiffer added size/large Bigger than you think needs/ux This needs UX design / approval labels Mar 31, 2021
@kschiffer kschiffer modified the milestones: 2021 Q2, 2021 Q3 Jun 1, 2021
@johanstokking johanstokking mentioned this issue Jul 21, 2021
Merged
5 tasks
@johanstokking johanstokking added the documentation This involves writing user documentation label Aug 5, 2021
@elsalahy
Copy link

elsalahy commented Aug 5, 2021
edited
Loading

It would be great if we can prioritize this issue so that we can claim the 500 batch of generic nodes on the community cluster.
We have a production deadline on the 15th of August.
We need to test this before placing the QR codes on the back of the devices.
cc: @azerimaker @johanstokking @NicolasMrad

@johanstokking johanstokking modified the milestones: 2021 Q3, v3.15.0 Aug 5, 2021
@NicolasMrad NicolasMrad modified the milestones: v3.15.0, 2021 Q3 Sep 7, 2021
@NicolasMrad NicolasMrad modified the milestones: 2021 Q3, v3.15.2 Sep 15, 2021
@johanstokking johanstokking modified the milestones: v3.15.2, v3.16.0 Oct 19, 2021
@johanstokking johanstokking added the in progress We're working on it label Nov 9, 2021
@johanstokking
Copy link
Member Author

Replaced by #4847

@johanstokking johanstokking mentioned this issue Nov 9, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@johanstokking johanstokking

Labels
c/console This is related to the Console documentation This involves writing user documentation in progress We're working on it needs/discussion We need to discuss this needs/ux This needs UX design / approval size/large Bigger than you think ui/web This is related to a web interface umbrella This issue needs actionable issues referenced
Projects
None yet
Milestone
v3.16.0
Development

No branches or pull requests
6 participants
@htdvisser @kschiffer @johanstokking @bafonins @elsalahy @NicolasMrad