The Abstract MQTT Driver supports the use of SAS tokens for authentication to the Azure IoT Hub.
The authentication process is as follows:
- Add an AzureMqttSasAuthenticator component to the Abstract MQTT Driver device.
- The device’s connection string is copied from Azure IoT Hub to a
Niagara station.
- The authenticator securely stores the connection string and generates a new SAS token, and connects to the IoT Hub.
- The authenticator automatically generates a new token when the current token is close to expiring.
The benefits of using SAS tokens over certificates include:
- Simpler configuration during station commissioning.
- Secure encrypted storage of tokens and access key at rest in the
Niagara key store.
- You can configure more frequently token expiry.
- The authenticator generates a new replacement token prior to expiry thereby avoiding repeated certificate maintenance in the
future.
- Administrators can revoke the original connection string in the Azure IoT Hub at any time.