Limit authorization requests - Device


We recently started using a self-hosted version of mender. We are using the authorize-on-request flow. We would like to use the preauthorization flow.

In both flows, the device signs the authorization request with its private key and server checks it with the public key.

For now, does it mean that any device can request authorization if it knows the server url ?

  1. We would like to limit the access to the authorization flow to our devices only. Is there any solution (self-hosted) for this ?
  2. If we are moving to the preauthorization flow, is it possible to disable the authorize-on-request flow ?

Many thanks in advance for your help.

1 Like