ChirpStack Application Server v3.11.0
OpenID Connect authentication
This feature makes it possible to use an OpenID Connect authentication backend together with ChirpStack Application Server, for example Auth0.com. Users are automatically matched based on email address on the first login. If there is a successful match, an external OpenID Connect user identifier is associated with the user, so that even in case of an email address update, it can still be matched (and updated in the ChirpStack Application Server database).
The implementation of this feature required a couple of changes:
Usernames no longer exist in ChirpStack Application Server and have been renamed to email. Existing users can still login with their username, but on user update, the username must be set to an email address.
Previously there was an unused email field. As there was no guarantee that this field was unique this field has been deprecated. It is still present in the database as
email_old so that the new
username as value) can be updated by hand if needed.
Creating new users as an organization admin has been removed. However, the OpenID Connect integration provides a
registration_enabled option, which automatically creates new users when it does not exist.
Together with the
registration_callback_url, it can be used to automatically onboard new users. When this option is set, ChirpStack Application Server will make a HTTP request to configured URL when a new user is created. This makes it possible to implement an onboarding service which (using the API) could:
- Create an organization for the given user ID
- Setup one or multiple service-profiles
Assigning users to organization
Previously there was an auto-complete field to assign an user to an organization. As the username has been replaced by email and to not leak email addresses, the autocomplete function has been removed and the exact email must be given when associating a given user with an organization.
LoRa Cloud integration
This migrates the geolocation integration from ChirpStack Network Server to ChirpStack Application Server and allows a per-application integration configuration. The LoRa Cloud Geolocation integration provides support for TDOA, RSSI, Wifi and LR1110 based GNSS geolocation.
This implements the integration with the LoRa Cloud Device & Application Services.
This feature makes it possible to (temporarily) disable a device.
This (global) integration makes it possible to forward events to a Kafka broker.
When also configured in ChirpStack Network Server this makes it possible to generate per-gateway client-certificates which can be used to implement gateway authentication and authorization. For example a MQTT broker can be configured to validate the client-certificate against a pre-configured CA certificate and if valid it can use the CommonName of the certificate (which contains the gateway ID) to authorize publish / subscribe to certain topics.
Support max gateway / device option
This option makes it possible to configure the maximum gateways and devices that can be created per organization.
The interface to configure per-application configurations has been re-implemented.
Single HTTP integration endpoint
This updates the HTTP integration with a single endpoint configuration. Instead of configuring a per-event endpoint, this makes it possible to have a single endpoint to which all events are posted, with the
event as query parameter.
This update makes it also possible to configure the marshaler (JSON, Protocol Buffers and legacy JSON v3) per HTTP integration.
Already configured HTTP integrations are not affected by this update but it is recommended to update your configuration so that you will automatically receive new event-types when they are introduced.
MQTT topic configuration
The MQTT integration has been updated with new MQTT topic configuration. Instead of configuring each topic separately, an
event_topic_template template can be configured, which is used for all events. The command topic(s) can now be configured through the
command_topic_template variable. In case the old configuration is still present, then the old topic configuration will remain active for backwards compatibility.
For consistency with the other components, the new configuration does introduce a change in MQTT topics (default configuration):
It is now possible to also generate per-organization API keys in the web-interface for easy integration with the gRPC and REST API.
- Make it possible to use activate API endpoint for OTAA devices (to import an existing activation).
- Gateway Profile / channel-plan re-configuration documentation in web-interface.
- Internal cleanup auto-complete select in web-interface.
- Remove links in web-interface which could cause a logout due to user-permissions.
- Redirect to device overview after saving root-keys.
- Add network-server name in gateway list.
- Expose (un)confirmed + DevAddr in integration payloads. (#453)
- Highlight rlow when hovering over table rows in web-interface. (#474)
- Include Network Server name column in Device- and Service Profile list. (#475)
- Include RSSI and SNR in ThingsBoard integration. (#478)
- Align Gateway detail overview styling. (#480)
- Makefile changes to speed up tests. (#493)
- Support multiple Redis addresses for clustering. (#491)