Best Practices for Storing Device-Specific SAS Tokens for Multi-Endpoint Communication
Hi guys @IoT Cloud I plan on making a solution where devices need to communicate with multiple endpoints, including an API for non-telemetry data. To avoid additional authentication methods, I'm considering using device-specific SAS tokens generated by a back-end service. Would it be safe to store these tokens in desired properties, or is it better to use the payload of a cloud-to-device message? Are there other recommended approaches for this?
Solution:Jump to solution
Storing SAS tokens in desired properties or cloud-to-device message payload has security risks. Consider alternative approaches like device-specific certificates or OAuth for secure authentication and authorization. Consult security experts for the best solution.
I think @LMtx can help out here...
3 Replies
Solution
Storing SAS tokens in desired properties or cloud-to-device message payload has security risks. Consider alternative approaches like device-specific certificates or OAuth for secure authentication and authorization. Consult security experts for the best solution.
I think @LMtx can help out here
Thanks for the warning. Can you please provide more info on using device-specific certificates or OAuth for secure authentication and authorization, Any resources or guidance would be helpful too