IoT Hub Rest API authentication with Active Directory

Ian Tracy 21 Reputation points
2021-05-25T12:36:43.34+00:00

I'm trying to setup a SPA to interact with IoT hub's REST API using Azure AD. I get that users will need to login as the security principal request an OAuth 2.0 access token at runtime. This token request should point to the resource https://iothubs.azure.net. The problem that I have, is that I have created an app registration for the SPA, and I am trying to add a API scope permission for the IoT hub Rest API, but it is not an option on azure portal. I can see other Azure resources, like Cosmos, Time series Insights, but IoT hub is not an option.
How can I configure my app registration to have scope permissions to access IoT hub? Perhaps, I am trying to do something that is not possible.

Azure IoT Hub
Azure IoT Hub
An Azure service that enables bidirectional communication between internet of things (IoT) devices and applications.
1,079 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,618 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Sander van de Velde 26,801 Reputation points MVP
    2021-06-03T21:04:10.26+00:00

    Hello @Ian Tracy ,

    I'm not sure how you want to use Azure AD but Microsoft had documented how to create an SAS token if you want to make use of the REST API.

    See also this blog post.

    0 comments No comments

  2. Semir Ramovic 1 Reputation point
    2021-08-11T14:47:25.853+00:00

    I have the similar/same situation. We have an SPA where user authenticates through AD and receives a token. I would like to use that token to access IoT Hub Rest API.

    In order to do this, I presume I need to define in that access token roles/permissions. As mentioned by OP, under "Request API permissions" in Azure AD Apps, there is not IoT Hub entry. There should be a way, since this page describes that but I'm not sure. https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-dev-guide-azure-ad-rbac#azure-ad-access-from-azure-portal

    Any help would be appreciated.

    0 comments No comments