Uninstall automatically Gui-o App0
-
Hi Kl3m3n,
Imagine that I buy Gui-O licenses to be installed on my employees' cell phones, there is later a possibility for management to remove or block any of them. Maybe through the Application UUID. I don't know if it is possible for the cell phone to receive some command so that it automatically uninstalls the Gui-o App.
It is possible that I have already asked this question, I am not sure.
Thanks
Best regards -
@sato Hello.
There are multiple ways to handle this:
-
You can handle this from the MQTT broker side by specifying individual users with passwords. You can remove the user and he / she will not be able to connect to the MQTT broker anymore (good option, since the user will not "steal" the broker bandwidth). We do not offer this, since we are only running a test cluster. But for example, event the hive mq free account offers this.
-
You could probably base the access on the applicaction UID. You (as administrator) would have to create a interface to add or remove users (add / remove application UIDs), combined with a password, which would be under your control. I would have to add the option to the GUI-O app to always send the application UID along with any user command. The down side of this solution is that the removed users would still be able to connect to the MQTT broker.
-
You could also use client certificates, but this is probably an overkill for your case? You would have to have full control over the MQTT broker.
P.S.:
I believe that it is not possible to uninstall the app via a command (without using adb, which is not applicable for production cases).Regards
-
-
Hello @kl3m3n,
I will learn more about installing and controlling the mosquitto broker, maybe then I will succeed with the possibility of banning or allowing access via application ID
Thank You
Best Regards -
@sato You should ban the users based on their username / password...
Take a look at mosquitto ACL (access control list).
Regards
-
Hello @kl3m3n,
Thanks for the tip. It won't be short term, only in a few months I will look into Mqtt broker.
Best regards
-
Hello @kl3m3n,
I have analyzed the issue a bit more and I come to the conclusion that the way to allow or not allow access to the broker will have to go through the UUID of the App since it is the only data that marks the difference. Since I want to clone in the Gui-O Apps all the connections of my IOT devices, every time I add a new IOT device in the App, I generate a QR Code that will be given to the employees to scan on their cell phones.
But I think that Gui-O has to always send also its UUID when connecting to Mosquito. In the ACL file I have to insert a list with all the UUIDs that are allowed to access.
Is my reasoning correct?But it's not for now. In two or three months i will install and make tests with Mosquito, and give You Feedback.
Best regards
-
@sato
Currently, the app does not use its uuid for connection to the broker.
But I will make it so in the next version - default client id shall be the app uuid.BUT, you can already control the clients by specifiying the client id! This is sent to the MQTT broker. Check under IoT settings -> Client id. If not set, the app generates a uuid every time (as I've said, I will change this to match the uuid of the device). But you should use specific client id as app uuid does not persist if you uninstall and reinstall the app (but it persists through the upgrades). NOTE: the client id must be unique - no two clients with the same id can be connected. So, if a client "client1" is connected, and another tries to connect with the same client id, the connection will be refused. That is why the GUI-O app supplies a uuid for client id (if not set).
You can restrict the access by adding users (and their passwords). Check out: https://mosquitto.org/documentation/authentication-methods/
So, for example:
- user: John pass: Doe
- user: Joe pass: Ordinary
etc...
You can revoke user access by removing him from the ACL list. Each user can set its user / pass credentials inside the GUI-O app under IoT settings.
Regards,
kl3m3n -