Not Authorized Bug in Node Manager?

Hello everyone,

I think I am currently experiencing a bug with the Node Manager.
I have an Android tablet running Actyx. On a server vm I can see that the tablet is connected, but not authorized.
I’ve uninstalled Actyx on the tablet serveral times and deleted the app data.
Also the same scenario is working fine with two more of the same tablets (authorized).
The Android app using Actyx on the tablet is also working and can submit events.
Should an unauthorized tablet be able to submit events?
Is it possible that the tablet is authorized, but the Node Manager is just displaying the status wrong?

Thanks

Hi!

I am not 100% sure if I have understood, but just to be sure we are talking about the same thing.

Authorization in the Node Manager (or the CLI) is about whether or not “you” (as the Node Manager user) are authorized to administer the node. This is a security feature so as to ensure that only authorized users may view the node’s status, it’s settings, etc. This is what we refer to as authorization.

Whenever the Node Manager tries to talk to a node it provides the node with your user public key (Authentication and authorization | Actyx Developer). If this key is within the node’s list of authorized users, you will be allowed to administer the node. If the key has not been added to this list, the node will return a not-authorized error and the node will be shown as “Not Authorized” in the node manager.

The other concept is authentication for sending events. The idea here is to ensure that only authenticated “apps” may send events. This is done using the app manifest and described at Authentication and authorization | Actyx Developer.

Does that clarify your question?

Thanks for clearing that up. I thought that because I reinstalled Actyx on the tablet, it’ll talk first to the server vm (where the Node Manager is running) and add that public key to the list of authorized users. That might not be the case. How can I edit the authorized users of an node running on Android?
This might not be a bug but more support and troubleshooting.

Yes, that should be the behavior. A fresh node that doesn’t have any authorized users will accept any user and then add that first user to the list. From then on only that user will be able to access the node until that user adds further users (or, more precisely, their public key).

So if the Node Manager is running on the server and you have configured the Android device (using its IP) as a node there, the Node Manager should continuously try to connect to the Android device. As soon as that node comes online, and assuming no other Node Manager or CLI process does this first, the Node Manager’s public user key should be set to the node’s authorized users list.

It works the same irrespective of where Actyx is running (Windows, Android, Linux, Docker), so in your example the behavior you expect is, indeed, the expected behavior. If it is not working, this would be a bug.

Could you try the following please?

  1. Remove the Android node from the Node Manager
  2. Stop the Actyx app on the Android device
  3. Delete the Actyx app’s app data (through settings)
  4. Restart Actyx on the Android device
  5. Add the Android device to the Node Manager

Does it still show the Android device as unauthorized? Thanks!

The tablet node is connected now.
I’m sure I did the same steps but instead of 4. restarting the app I un- and reinstalled it.
Thank you very much vor troubleshooting!