REST/HTTP API use for Application Management

dschrimpsherr · August 19, 2018, 12:21am

I am building a system that connects with multiple lpwan type networks. We are integrating with TTN and I am having problems with the tokens and permission.

I use Oauth2.0 with my client-id, etc… and I get back a code which my backend server uses to get an access token. I then create an application. This part works fine but when I try to doing anything with the application it gives me a 403 saying I don’t have setting permissions on the application. Steps I have tried

I tried to create an access_key using the access_keys array in the application post.

{
      id: 'blah'
      name: application.name,
      created: new Date(),
      rights: [
        'settings',
        'devices',
        'messages:up:r',
        'messages:down:w'
      ],
      'access_keys': [
        {
          'name': 'stupid',
          'rights': [
            'settings',
            'devices',
            'messages:up:r',
            'messages:down:w'
          ]
        }
      ]
    }

This is ignored and the default access_key (without setting permissions) is created.

  name: 'blah7',
  euis: [ '70B3D57ED00118AB' ],
  created: '2018-08-19T00:02:08.338Z',
  rights: [ 'settings', 'delete', 'collaborators', 'devices' ],
  collaborators: 
   [ { username: '<>',
       email: '<>',
       rights: [Array] } ],
  access_keys: 
   [ { name: 'default key',
       key: 'ttn-account-v2.Ci5yegihynqSsy5HhI1PrqQMnVZUXaK61Ga9AhsgEWQ',
       _id: '5b78b380f5fd6d003a4a6706',
       rights: [Array] } ] }

I tried doing a POST on the api/v2/applications/{id}/access-keys as described in https://www.thethingsnetwork.org/docs/network/account/api.html#post-applicationsapp_idaccess-keys
It again gives me a 403 and says I don’t have setting permission on the application.

{
      rights: [
        'settings',
        'devices',
        'messages:up:r',
        'messages:down:w'
      ],
      name: 'defaultLPWan'
    }

Error on adding Keys: {"code":403,"error":"You do not have access to for right settings to application blah"}(403)

I tried 2 again using the default key created from the POST in 1 with the same result.

I check my token in jwt.io and it has ‘apps’ permission so I don’t understand what I am doing wrong. If I have to go to the console to create a access_key, then that isn’t going to work.

{
  "sub": "<>",
  "iss": "ttn-account-v2",
  "iat": 1534634803,
  "type": "user",
  "client": "<>",
  "scope": [
    "profile",
    "apps",
    "components",
    "gateways"
  ],
  "interchangeable": true,
  "username": "<>",
  "email": "<>,
  "created": "2018-06-20T16:04:49.767Z",
  "name": {
    "first": "<>",
    "last": "<>"
  },
  "valid": true,
  "_id": "5b2a7b216a41ae0030a911ed",
  "exp": 1534638463
}

Help?

dschrimpsherr · August 19, 2018, 2:28am

Okay I ended up doing a token exchange

POST https://account.thethingsnetwork.org/users/restrict-token
{ scope":["apps:blah"]}

That was a pain. If there is a simpler way to handle that please let me know.

mromani · July 11, 2019, 2:42pm

I’m facing the same problem as You. I created and application and can’t do anything with it.
Then I tried to created a restricted token but the following error:

code=403, error=u"Cannot get access to a ‘undefined’ with this token"

Did you found this error too?