I’ve been thinking about this for a day now and I don’t know how to approach it.
I have already added authentication for users to the application. Now I would like each user to be able to assign any number of Pico devices to himself. The device ID would be assigned to the user email address.
What if the device is sold to another user? When a new user assigns this device to himself, the server code should remove it from the previous user.
Well, here comes the problem. If the previous user saved the ID of this device, he can enter it in the next device in the place where the get_device_id() function is. This will cause the device to be deleted for the new (current) user.
Can you get the pico to tell the server “I’m that user’s device”?
If the pico doesn’t know the user and the app doesn’t know the pico, can you put a “link pico” button on a form, then wait for the pico to call an “I’m that pico” function, so that the pico will be linked to that user only if the pairing happens within a few seconds’ time? Maybe adding a geographical check on the two IP addresses?
This is a big assumption here, but your users have to somehow put in their wifi SSID and password right?
Can they put in the Anvil login email and password as well? The info could be gathered from the pico config file and the uplink could use the anvil.users.login_with_email() method, then call a server function that would be able to access the user row from the users table using anvil.users.get_user() to apply the pico’s unique ID to that specific already authenticated user.
Or do a riff on this suggestion below, entering a unique auto-generated code on the pico as a challenge of possession, either by entering the code into a file on the device, or displaying a code on something on the pico that you can then put into the webpage to authenticate that you are in possession of the item.
You could even have the pico emit some number of built-in LED blinks as a unique code, then you don’t even need a display!
I’m sure anvil.server.context.client.location could help with this, since a PC or phone logged in on an Anvil page connected to the same wifi as the pico should have the same location information as the pico.
…now that I think about it, you could probably just get away with an authenticate button on an Anvil page, after giving the user instructions to connect to the same wifi as the pico, and that’s really the easiest answer to the OP question.
That’s why there was a problem with assigning someone’s ID.
What if I replaced that with the user’s email address?
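import anvil.server

# config is the dict loaded from the pico's config file
USER = config['user_email']

# Register the function under a name that includes the user's email
@anvil.server.callable('my_func' + USER)
def my_func():
    return 42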
For proper operation, the device would require entering the email address (without entering password) used during registration in the application. Now if the previous user enters someone else’s email address on his device, he will have a problem but it won’t hurt other users.
Is this a good approach or does it have some downsides?
I would just make sure you put the email and unique ID together somehow, so that any user can have more than one device, unless you don’t want or need that functionality for some reason.
I know what to do: just have the users go to a page on your Anvil site and generate a unique pico key to be assigned and stored to their user. Have it generate some long random key, and tell the users to put that in their config file at the same time they are configuring their wifi. Anvil will store all the generated keys associated with that user internally.
Use this instead of the unique key when registering the functions.
This way it will be both unique to the device without using the device’s own ID, and you will be able to associate the same key (and multiple keys if needed) with the user’s account from within Anvil.
This way it only counts who has physical access to the pico, not whatever the factory set some unique ID to.
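A minimal sketch of the per-user key scheme suggested above, added here as an example; it is not code from any poster in the thread or from Anvil. The in-memory dict stands in for a data table, and all function names and email addresses are hypothetical.

```python
import hashlib
import secrets

# Constructed stand-in for a data table: SHA-256 digest of key -> owner email.
# Only the digest is stored, so a leaked table does not reveal usable keys.
_DEVICE_KEYS = {}


def _digest(key):
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


def issue_device_key(user_email):
    """Create a key for an already authenticated user.

    The plaintext key is returned once, to be copied into the pico's
    config file next to the wifi settings.
    """
    key = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _DEVICE_KEYS[_digest(key)] = user_email
    return key


def owner_of(presented_key):
    """Return the owner of a key presented by a device, or None if unknown."""
    return _DEVICE_KEYS.get(_digest(presented_key))


def device_count(user_email):
    """Number of keys (devices) currently linked to a user."""
    return sum(1 for email in _DEVICE_KEYS.values() if email == user_email)


def revoke_device_key(user_email, key):
    """Remove a key, but only when the caller is the user it was issued to."""
    digest = _digest(key)
    if _DEVICE_KEYS.get(digest) != user_email:
        return False  # unknown key, or a key that belongs to someone else
    del _DEVICE_KEYS[digest]
    return True
```

When a pico changes hands, the new owner issues a fresh key from their own account; the key left in the previous owner's notes still maps only to the previous owner, so it cannot unlink anything from the new one.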
Do you know how a callable name works? Is it a one-to-one connection or is the command sent to all devices and they decide whether to interpret it or not? If it’s the second case, isn’t there a risk of seeing packets that I’m not the recipient of? Won’t the unique keys be there explicitly as text?
I’m not a network expert, these are just my guesses.
I am unsure, I think you should create a new topic with that question, because I’m sure there are others who are also curious to know the answer and it will garner more attention if it is its own topic. Maybe include something like ‘uplink security question’ in the title also.