DeviceProvisioningClient Python SDK for IOT DPS service authentication failure

Question

Following the instructions in: https://learn.microsoft.com/en-us/python/api/overview/azure/iot-deviceprovisioning-readme?view=azure-python-preview#creating-the-client-from-azure-credentials

This section of my code fails:

    iotdps_client = DeviceProvisioningClient(
        endpoint= iot_dps_resource + ".azure-devices-provisioning.net", #todo how to use credentials to get in to the dps
        credential=DefaultAzureCredential(),
        # connection_string=connection_string,
    )

with error:

Traceback (most recent call last):
  File "C:\dev\azure\neptune-simulated-deployment\sim.py", line 163, in <module>
    asyncio.run(main())
  File "C:\Users\rober_2whl2po\AppData\Local\Programs\Python\Python311\Lib\asyncio\runners.py", line 190, in run
    return runner.run(main)
           ^^^^^^^^^^^^^^^^
  File "C:\Users\rober_2whl2po\AppData\Local\Programs\Python\Python311\Lib\asyncio\runners.py", line 118, in run
    return self._loop.run_until_complete(task)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\rober_2whl2po\AppData\Local\Programs\Python\Python311\Lib\asyncio\base_events.py", line 653, in run_until_complete
    return future.result()
           ^^^^^^^^^^^^^^^
  File "C:\dev\azure\neptune-simulated-deployment\sim.py", line 74, in main
    iotdps_client.enrollment_group.create_or_update(
  File "C:\dev\azure\neptune-simulated-deployment\.venv\Lib\site-packages\azure\core\tracing\decorator.py", line 78, in wrapper_use_tracer
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "C:\dev\azure\neptune-simulated-deployment\.venv\Lib\site-packages\azure\iot\deviceprovisioning\operations\_operations.py", line 4526, in create_or_update
    map_error(status_code=response.status_code, response=response, error_map=error_map)
  File "C:\dev\azure\neptune-simulated-deployment\.venv\Lib\site-packages\azure\core\exceptions.py", line 165, in map_error
    raise error
azure.core.exceptions.ClientAuthenticationError: (None) Authorization failed for the request
Code: None
Message: Authorization failed for the request

I've been using DefaultAzureCredentials for other services such as the azure.mgmt.iothub with no problems but this one won't work...

I have a contributor role set up with access to the subscription which im using with DefaultAzureCredentials using environment variables.

Any idea why this might not work when other services are fine?

EDIT: If i use a connection string to access the DeviceProvisioningClient it works fine but I don't have a clear way i can get that connection string programmatically when i'm deploying the DPS using arm templates.

Answer 1

Hi @Robert Smith Greetings! Welcome to Microsoft Q&A forum. Thank you for posting this question here.

May I know the version of Python, azure.iot.deviceprovisioning and azure.identity package you are using to test this code? I would also like to see if you have reviewed a different approach of using ProvisioningDeviceClient through Python SDK sample Provision with symmetric key Here is a quickstart start guide that provides more details on how to use this sample - Provision a simulated symmetric key device

This approach uses DeviceID scope of DPS and Enrollment group keys which can be retrieved programmatically through the following APIs.

• Get request to pull IoT DPS resource information
• Get request to fetch Enrollment details

Please review this approach and let me know if you can work with this. Do not hesitate to reach out to us with any further questions through the comments.