[release] ChirpStack Application Server v3.11 (test releases)

Announcements
1

ChirpStack Application Server v3.11.0-test.1

Features

OpenID Connect authentication

This feature makes it possible to use an OpenID Connect authentication backend together with ChirpStack Application Server, for example Auth0.com. Users are automatically matched based on email address on the first login. If there is a succesful match, an external OpenID Connect user identifier is associated with the user, so that even in case of an email address update, it can still be matched (and updated in the ChirpStack Application Server database).

The implementation of this feature required a couple of changes:

Usernames

Usernames no longer exist in ChirpStack Application Server and have been renamed to email. Existing users can still login with their username, but on user update, the username must be set to an email address.

Previously there was an unused email field. As there was no guarantee that this field was unique this field has been deprecated. It is still present in the database as email_old so that the new email field (containing the old username as value) can be updated by hand if needed.

Create users

Creating new users as an organization admin has been removed. However, the OpenID Connect integration provides a registration_enabled option, which automatically creates new users when it does not exist.

Together with the registration_callback_url, it can be used to automatically onboard new users. When this option is set, ChirpStack Application Server will make a HTTP request to configured URL when a new user is created. This makes it possible to implement an onboarding service which (using the API) could:

  • Create an organization for the given user ID
  • Setup one or multiple service-profiles
Assigning users to organization

Previously there was an auto-complete field to assign an user to an organization. As the username has been replaced by email and to not leak email addresses, the autocomplete function has been removed and the exact email must be given when associating a given user with an organization.

LoRa Cloud geolocation

This migrates the geolocation integration from ChirpStack Network Server to ChirpStack Application Server and allows a per-application integration configuration. The current integration provides support for TDOA and RSSI based geolocation. This will be extended by future releases to also support the LR1110 capabilities.

Disable device

This feature makes it possible to (temporarily) disable a device.

Improvements

  • Make it possible to use activate API endpoint for OTAA devices (to import an existing activation).
  • Gateway Profile / channel-plan re-configuration documentation in web-interface.
  • Internal cleanup auto-complete select in web-interface.
  • Expose (un)confirmed + DevAddr in integration payloads. (#453)
  • Highlight rlow when hovering over table rows in web-interface. (#474)
  • Include Network Server name column in Device- and Service Profile list. (#475)
  • Include RSSI and SNR in ThingsBoard integration. (#478)
  • Align Gateway detail overview styling. (#480)

Bugfixes

  • Fix delete icon in gateway-profile UI (was showing + icon instead of delete).

Testing

Debian

Use the testing channel instead of stable:

sudo echo "deb https://artifacts.chirpstack.io/packages/3.x/deb testing main" | sudo tee /etc/apt/sources.list.d/chirpstack.list

Docker

Use the chirpstack/chirpstack-application-server:3.11.0-test.1 image and tag (will be available shortly).

3 Likes
2

Excited about the openid integration. Great work!

3

Yay. More useful features!

4

ChirpStack Application Server v3.11.0-test.3

Features

OpenID Connect authentication

This feature makes it possible to use an OpenID Connect authentication backend together with ChirpStack Application Server, for example Auth0.com. Users are automatically matched based on email address on the first login. If there is a succesful match, an external OpenID Connect user identifier is associated with the user, so that even in case of an email address update, it can still be matched (and updated in the ChirpStack Application Server database).

The implementation of this feature required a couple of changes:

Usernames

Usernames no longer exist in ChirpStack Application Server and have been renamed to email. Existing users can still login with their username, but on user update, the username must be set to an email address.

Previously there was an unused email field. As there was no guarantee that this field was unique this field has been deprecated. It is still present in the database as email_old so that the new email field (containing the old username as value) can be updated by hand if needed.

Create users

Creating new users as an organization admin has been removed. However, the OpenID Connect integration provides a registration_enabled option, which automatically creates new users when it does not exist.

Together with the registration_callback_url, it can be used to automatically onboard new users. When this option is set, ChirpStack Application Server will make a HTTP request to configured URL when a new user is created. This makes it possible to implement an onboarding service which (using the API) could:

  • Create an organization for the given user ID
  • Setup one or multiple service-profiles
Assigning users to organization

Previously there was an auto-complete field to assign an user to an organization. As the username has been replaced by email and to not leak email addresses, the autocomplete function has been removed and the exact email must be given when associating a given user with an organization.

LoRa Cloud integration

Geolocation

This migrates the geolocation integration from ChirpStack Network Server to ChirpStack Application Server and allows a per-application integration configuration. The LoRa Cloud Geolocation integration provides support for TDOA, RSSI, Wifi and LR1110 based GNSS geolocation.

DAS

This implements the integration with the LoRa Cloud Device & Application Services.

Disable device

This feature makes it possible to (temporarily) disable a device.

Kafka integration

This (global) integration makes it possible to forward events to a Kafka broker.

Gateway client-certificates

When also configured in ChirpStack Network Server this makes it possible to generate per-gateway client-certificates which can be used to implement gateway authentication and authorization. For example a MQTT broker can be configured to validate the client-certificate against a pre-configured CA certificate and if valid it can use the CommonName of the certificate (which contains the gateway ID) to authorize publish / subscribe to certain topics.

Support max gateway / device option

This option makes it possible to configure the maximum gateways and devices that can be created per organization.

Integrations

Cloud integrations

It is now possible to configuring per-application integrations for AWS SNS, Azure Service-Bus and GCP Pub/Sub

Web-interface

The interface to configure per-application configurations has been re-implemented.

Single HTTP integration endpoint

This updates the HTTP integration with a single endpoint configuration. Instead of configuring a per-event endpoint, this makes it possible to have a single endpoint to which all events are posted, with the event as query parameter.

This update makes it also possible to configure the marshaler (JSON, Protocol Buffers and legacy JSON v3) per HTTP integration.

Already configured HTTP integrations are not affected by this update but it is recommended to update your configuration so that you will automatically receive new event-types when they are introduced.

MQTT topic configuration

The MQTT integration has been updated with new MQTT topic configuration. Instead of configuring each topic separately, an event_topic_template template can be configured, which is used for all events. The command topic(s) can now be configured through the command_topic_template variable. In case the old configuration is still present, then the old topic configuration will remain active for backwards compatibility.

Important:

For consistency with the other components, the new configuration does introduce a change in MQTT topics (default configuration):

  • application/[ApplicationID]/device/[DevEUI]/rx -> application/[ApplicationID]/device/[DevEUI]/event/up
  • application/[ApplicationID]/device/[DevEUI]/join -> application/[ApplicationID]/device/[DevEUI]/event/join
  • application/[ApplicationID]/device/[DevEUI]/ack -> application/[ApplicationID]/device/[DevEUI]/event/ack
  • application/[ApplicationID]/device/[DevEUI]/error -> application/[ApplicationID]/device/[DevEUI]/event/error
  • application/[ApplicationID]/device/[DevEUI]/status -> application/[ApplicationID]/device/[DevEUI]/event/status
  • application/[ApplicationID]/device/[DevEUI]/txack -> application/[ApplicationID]/device/[DevEUI]/event/txack
  • application/[ApplicationID]/device/[DevEUI]/location -> application/[ApplicationID]/device/[DevEUI]/event/location
  • application/[ApplicationID]/device/[DevEUI]/tx -> application/[ApplicationID]/device/[DevEUI]/command/down

Improvements

  • Make it possible to use activate API endpoint for OTAA devices (to import an existing activation).
  • Gateway Profile / channel-plan re-configuration documentation in web-interface.
  • Internal cleanup auto-complete select in web-interface.
  • Remove links in web-interface which could cause a logout due to user-permissions.
  • Expose (un)confirmed + DevAddr in integration payloads. (#453)
  • Highlight rlow when hovering over table rows in web-interface. (#474)
  • Include Network Server name column in Device- and Service Profile list. (#475)
  • Include RSSI and SNR in ThingsBoard integration. (#478)
  • Align Gateway detail overview styling. (#480)
  • Makefile changes to speed up tests. (#493)

Bugfixes

  • Fix delete icon in gateway-profile UI (was showing + icon instead of delete).
  • Add missing error check in AWS SNS integration. (#483)
2 Likes