Completed: All services require a new token format
This is a cross-post of an incident on our Packet Broker status page.
It will be updated automatically.
Scheduled: Thu, 02 Dec 2021 11:00:00 +0100 until 12:00:00 +0100
Resolved: Fri, 03 Dec 2021 09:50:29 +0100
Affected Components
- Europe (eu): Operational
- Control Plane (cp.packetbroker.net): Operational
- North America (nam): Operational
- IAM (iam.packetbroker.net): Operational
- APAC (apac): Operational
Scheduled
Posted: Sat, 02 Oct 2021 21:00:46 +0200
All Packet Broker services will be requiring a new OAuth 2.0 token format presented by the client. The new token format includes an audience that needs to match the host name of the service.
Services using Packet Broker, including The Things Stack from version 3.15.2, will support this.
The Things Stack Cloud and The Things Stack Community Edition will be upgraded end of October according to schedule.
We advise customers using The Things Stack Enterprise and Open Source in combination with Packet Broker to upgrade to 3.15.2 shortly after its release.
This maintenance is not a security fix, but rather a preparation to use Packet Broker tokens more widely in third-party services. Including an audience in the security token allows services to verify that the token is intended for that service, and avoids third-party services to use the received token on other services. See RFC 7519 - JSON Web Token (JWT) for more information.
In Progress
Posted: Fri, 03 Dec 2021 09:50:08 +0100
We are currently updating Packet Broker infrastructure to require the OAuth 2.0 token audience.
Completed
Posted: Fri, 03 Dec 2021 09:50:29 +0100
The scheduled maintenance has been completed.