Get registration status from DPS in Java SDK

Rojik, Marek 21 Reputation points
2022-11-02T05:48:42.657+00:00

I would like to ask you, do you plan to implement a method to get the current registration status of the enrollment in Device Provision Service in your IoT hub Java SDK?
I'm asking because I would like to call the DPS register endpoint only once for registration and then get the registration status to get the IoT Hub name, device ID, and activation key (I use a TPM for device provisioning). Using this approach, I would like to avoid reprovisioning, exactly as described below:


I see there is a method to get the registration status, com.microsoft.azure.sdk.iot.provisioning.device.internal.task.ProvisioningTask#invokeStatus. But the method is private and it is not possible to call it.

Or do you have any idea how to get the registration status and avoid device reprovisioning, please? I would like to avoid implementing my own solution based on https://learn.microsoft.com/cs-cz/rest/api/iot-dps/service/device-registration-state/get, because there is a problem with how to get the activation key (nonce) without reprovisioning. Without it, I can't generate a SAS token.

A similar topic is discussed for C#: https://learn.microsoft.com/en-us/answers/questions/971172/iot-hub-device-provisioning-service-device-registr.html.

Thank you for your help.

Azure IoT Hub

Accepted answer
  1. Dom 1,631 Reputation points Microsoft Employee
    2022-11-04T14:25:42.667+00:00

    Hi @Rojik, Marek ,

    The workaround you referred to (https://stackoverflow.com/questions/59793319/connecting-to-azure-iot-hub-using-tpm) does work - I think you should consider submitting a PR to the https://github.com/Azure/azure-iot-sdk-java repo - changing both the SecurityProviderTPMEmulator and SecurityProviderTPMHsm classes - to notify the developers of the SDK about the issue.

    Without these changes, it looks like the DeviceClient can't retrieve the SAS key from the TPM unless the device is reprovisioned.


2 additional answers

  1. Dom 1,631 Reputation points Microsoft Employee
    2022-11-03T10:55:16.633+00:00

    Hi @Rojik, Marek ,

    The C# method to get device registration status (GetDeviceRegistrationStateAsync) is equivalent to the Java method I referred to above (getDeviceRegistrationState) - both of these are in the service client libraries rather than the device client libraries - and both are wrappers around the REST API Runtime Registration - Device Registration Status Lookup.

    The documentation you referred to goes on to discuss the benefits of caching the information originally received from DPS:

    "We recommend not provisioning on every reboot of the device, as this could cause some issues when reprovisioning several thousands or millions of devices at once. Instead you should attempt to use the Device Registration Status Lookup API and try to connect with that information to IoT Hub. If that fails, then try to reprovision as the IoT Hub information might have changed. Keep in mind that querying for the registration state will count as a new device registration, so you should consider the Device registration limit. Also consider implementing an appropriate retry logic, such as exponential back-off with randomization, as described on the Retry general guidance. In some cases, depending on the device capabilities, it’s possible to save the IoT Hub information directly on the device to connect directly to IoT Hub after the first-time provisioning using DPS occurred..."

    Also, take a look at Best practices for large-scale IoT device deployments for more information about reprovisioning and IoT Hub connectivity - it includes a useful code sample.
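The pattern the quoted guidance describes (connect with the cached hub assignment first, reprovision through DPS only when that fails, and back off with randomized delays between attempts), as an added Java example that is not from this thread or from the Azure SDK. It assumes the v1-era Java SDK API (ProvisioningDeviceClient.create, registerDevice, closeNow, the DeviceClient(uri, deviceId, securityProvider, protocol) constructor and open()), and it assumes a TPM-backed SecurityProvider that can sign a SAS token from the hub key it already holds without a new registration; as the accepted answer points out, the stock SecurityProviderTPMEmulator and SecurityProviderTPMHsm classes need the linked workaround for that. The ID scope and the cache file path are placeholders.

```java
// Added example (not from the thread or the Azure SDK): cached-first hub connect with
// DPS reprovisioning as the fallback and exponential back-off with full jitter.
// Assumes the v1-era Azure IoT Java SDK API; adjust names for other SDK versions.
import com.microsoft.azure.sdk.iot.device.DeviceClient;
import com.microsoft.azure.sdk.iot.device.IotHubClientProtocol;
import com.microsoft.azure.sdk.iot.provisioning.device.ProvisioningDeviceClient;
import com.microsoft.azure.sdk.iot.provisioning.device.ProvisioningDeviceClientStatus;
import com.microsoft.azure.sdk.iot.provisioning.device.ProvisioningDeviceClientTransportProtocol;
import com.microsoft.azure.sdk.iot.provisioning.security.SecurityProvider;

import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Properties;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ThreadLocalRandom;

public class CachedAssignmentConnector {
    // Placeholder values: substitute your own DPS ID scope and a device-local cache path.
    private static final String GLOBAL_ENDPOINT = "global.azure-devices-provisioning.net";
    private static final String ID_SCOPE = "<your-id-scope>";
    private static final Path CACHE = Paths.get("dps-assignment.properties");

    private static final int MAX_ATTEMPTS = 6;
    private static final long BASE_DELAY_MS = 1_000;
    private static final long MAX_DELAY_MS = 60_000;

    /** The assignment DPS returned: hub host name and device ID only, no key material. */
    static final class Assignment {
        final String hubUri; final String deviceId;
        Assignment(String hubUri, String deviceId) { this.hubUri = hubUri; this.deviceId = deviceId; }
    }

    /** Exponential back-off with full jitter: a random delay in [0, min(cap, base * 2^attempt)]. */
    static long backoffMillis(int attempt) {
        long ceiling = Math.min(MAX_DELAY_MS, BASE_DELAY_MS << Math.min(attempt, 20));
        return ThreadLocalRandom.current().nextLong(ceiling + 1);
    }

    /** Read the assignment saved after the last successful registration, or null if absent. */
    static Assignment loadCached() throws Exception {
        if (!Files.exists(CACHE)) return null;
        Properties p = new Properties();
        try (InputStream in = Files.newInputStream(CACHE)) { p.load(in); }
        String hub = p.getProperty("hubUri"), id = p.getProperty("deviceId");
        return (hub == null || id == null) ? null : new Assignment(hub, id);
    }

    static void saveCached(Assignment a) throws Exception {
        Properties p = new Properties();
        p.setProperty("hubUri", a.hubUri);
        p.setProperty("deviceId", a.deviceId);
        try (OutputStream out = Files.newOutputStream(CACHE)) { p.store(out, "DPS assignment cache"); }
    }

    /** Full DPS registration; this is the call that counts against the registration limits. */
    static Assignment reprovision(SecurityProvider tpm) throws Exception {
        ProvisioningDeviceClient dps = ProvisioningDeviceClient.create(
                GLOBAL_ENDPOINT, ID_SCOPE, ProvisioningDeviceClientTransportProtocol.HTTPS, tpm);
        final Assignment[] out = new Assignment[1];
        final Exception[] err = new Exception[1];
        CountDownLatch done = new CountDownLatch(1);
        try {
            dps.registerDevice((result, ex, ctx) -> {
                if (ex == null && result.getProvisioningDeviceClientStatus()
                        == ProvisioningDeviceClientStatus.PROVISIONING_DEVICE_STATUS_ASSIGNED) {
                    out[0] = new Assignment(result.getIothubUri(), result.getDeviceId());
                } else {
                    err[0] = ex != null ? ex : new IllegalStateException(
                            "DPS status " + result.getProvisioningDeviceClientStatus());
                }
                done.countDown();
            }, null);
            done.await();
        } finally {
            dps.closeNow();
        }
        if (err[0] != null) throw err[0];
        return out[0];
    }

    /** Open the hub connection from a cached assignment; the TPM-backed provider signs the SAS token. */
    static DeviceClient connect(Assignment a, SecurityProvider tpm) throws Exception {
        DeviceClient client = new DeviceClient(a.hubUri, a.deviceId, tpm, IotHubClientProtocol.MQTT);
        client.open();
        return client;
    }

    /** Cached-first loop: try the hub, go to DPS only on failure, jittered back-off between attempts. */
    static DeviceClient connectCachedFirst(SecurityProvider tpm) throws Exception {
        Exception last = null;
        for (int attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
            try {
                Assignment cached = loadCached();
                if (cached != null) {
                    try {
                        return connect(cached, tpm);
                    } catch (Exception hubFailure) {
                        last = hubFailure; // hub may have changed since the last assignment: fall through to DPS
                    }
                }
                Assignment fresh = reprovision(tpm);
                saveCached(fresh);
                return connect(fresh, tpm);
            } catch (Exception e) {
                last = e;
                Thread.sleep(backoffMillis(attempt));
            }
        }
        throw new IllegalStateException("could not connect after " + MAX_ATTEMPTS + " attempts", last);
    }
}
```

On the happy path this never touches DPS at all, which matters because the quoted guidance says a registration-status lookup itself counts as a registration. The cache holds only the hub host name and device ID; the key stays in the TPM, so a copied cache file gives nothing usable without the device's TPM.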


  2. Dom 1,631 Reputation points Microsoft Employee
    2022-11-03T13:58:54.057+00:00

    You're using the SecurityProviderTPMEmulator in your code - did you retrieve the Endorsement Key and Registration ID, and use them to create a DPS enrollment in the portal?

    You shouldn't need to cache the SecurityProviderTPMEmulator object - a real TPM object always returns the same Endorsement Key and Registration ID on any given device if you needed them to reprovision.