IoT Hub SAS Token creation with mqtt commands

Question

Hi, in my project i connect to my IoT hub, with an ESP32 with AT commands and mqtt.
I publish and subscribe to topics and also i can provision a device, all without the SDK.
Is there a mode to generate the SAS token from the Hub or other service and send it to my device,
only by using mqtt, before the current SAS Token expires?

Also can i communicate with the azure cli publishing and subscribing in topics,
with mqtt?

Thanks.

Answer 1

@SDK for Embedded C IoT Hub Samples on Windows , interesting question.

If I have the date time on the ESP32, I normally calculate the SAS token on device. Then when I connect to the IoT Hub if I ever get an error code, I just recalculate the SAS Token. It also allows me to generate a SAS token for the timeframe i desire, say 24 hours or the like.

I have an ESP8266 example here: https://kevinsaye.wordpress.com/2021/05/11/arduino-with-azure-iot-hub-and-device-provisioning-service/ just in case you are not using the Microsoft SDK for Arduino. Note my example includes DPS, which allows for management at scale -- highly recommended.

Now if you do not have the datetime on your device, you can always create an Azure function [that does understand date time] and have your code make the http request to the function to get a SAS Token. Example here: https://kevinsaye.wordpress.com/2017/01/05/using-azure-functions-to-generate-an-iot-sas-token/. Note this is not a secure method, as it leads to SASTokens on an unencrypted network [unless your device can talk HTTPS]. Anytime your 'key' flies on the wire, your security is at risk. -- this is why we generate the token on the device and only let a time bound hash on the wire. :)