External Join Server

I would like to use an external join server to handle the join requests. Is there any document that explains how this can be done? What will be the format of the messages exchanged between the Lora Application Server and the join server? Thanks.

The join-server API is specified by the LoRaWAN Backend Interfaces specification. Note that from the LoRa (App) Server side there might be some small additional changes needed.

As LoRa App Server currently acts as the join-server, it will directly populate the AppSKey when the device is being activated. The official way is that the join-server will pass the AppSKey to the network-server (LoRa Server) and the on the first uplink the network-server (LoRa Server) will hand this AppSKey over to the application-server (LoRa App Server).

In order to make this secure, the key envelope meganism must be in place (which isn’t yet), so that the key communicated from the JS -> NS -> AS is encrypted using an encryption-key known to the application-server.

This will be added, but hasn’t been a priority for me (yet). For the API specification, see: https://www.lora-alliance.org/lorawan-for-developers.

Thanks, brocaar, for the quick reply.
One thought that I have for now is as follows:

  • When the app server receiver join request, it passes the join request to my join server.
  • My join server creates the AppKey and pass it back to the app server.
  • The app server calculates the AppSKey and populates it.

Is this scenario possible to implement with the current version of the project? Thanks.

That is not possible, the AppKey must already be known before the join as it is used by the device to generate the MIC of the join-request.

Sorry, I did not mention that before the scenario that I am proposing in my previous reply, I will provision the key into the end device (sensor) such that it can calculate the MIC on the join-request.
Is it possible to run the scenario in this case?

  • When the app server receiver join request, it passes the join request to my join server.
  • My join server creates the AppKey and pass it back to the app server.

Then what would be the extra benefit of the external join-server when you’ll hand over the root key to LoRa App Server on join? Then why not use enter the root key directly in LoRa App Server or use the API to do so?

Hi @brocaar

Is there any documentation on how the AppSKey and NwkSKey is processed, on loraserver, now? I imagine that it has been updated since Jan '18. I imagine that LoRa Server still acts as the network-server and that LoRa App Server acts as the application-server.

Furthermore, what will happen to the AppSKey after it’s been populated by LoRa App Server? Will it be stored at the application-server (LoRa app server)? Also, if we have our own extern application-server, and we’re going to use REST API, will the AppSKey be transferred to the extern application-server as well, or how does that work?

I tried to use an external join server. Except I don’t think the SNI (Server Name Indication) is sent along, which I use to send it to a specific backend, based on the hostname. It would be nice if this could be enabled somehow in the code.

Stay tuned, this is coming (it already is implemented in the latest NS test version)