IoT Hub Rest API authentication with Active Directory

Question

I'm trying to setup a SPA to interact with IoT hub's REST API using Azure AD. I get that users will need to login as the security principal request an OAuth 2.0 access token at runtime. This token request should point to the resource https://iothubs.azure.net. The problem that I have, is that I have created an app registration for the SPA, and I am trying to add a API scope permission for the IoT hub Rest API, but it is not an option on azure portal. I can see other Azure resources, like Cosmos, Time series Insights, but IoT hub is not an option.
How can I configure my app registration to have scope permissions to access IoT hub? Perhaps, I am trying to do something that is not possible.

Answer 1

Hello @Ian Tracy ,

I'm not sure how you want to use Azure AD but Microsoft had documented how to create an SAS token if you want to make use of the REST API.

See also this blog post.

Answer 2

I have the similar/same situation. We have an SPA where user authenticates through AD and receives a token. I would like to use that token to access IoT Hub Rest API.

In order to do this, I presume I need to define in that access token roles/permissions. As mentioned by OP, under "Request API permissions" in Azure AD Apps, there is not IoT Hub entry. There should be a way, since this page describes that but I'm not sure. https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-dev-guide-azure-ad-rbac#azure-ad-access-from-azure-portal

Any help would be appreciated.