Search

Login

Become a leader in the IoT community!

Join our community of embedded and IoT practitioners to contribute experience, learn new skills and collaborate with other developers with complementary skillsets.

Step 1 of 5

CREATE YOUR PROFILE *Required

OR
Step 2 of 5

WHAT BRINGS YOU TO DEVHEADS? *Choose 1 or more

Connect & collaborate 🀝with other tech professionals
Learn & Grow πŸ“š
Contribute Experience & Expertise πŸ”§
Step 3 of 5

WHAT'S YOUR INTEREST OR EXPERTISE? *Choose 1 or more

Hardware Design πŸ’‘
Embedded Software πŸ’»
Edge Networking ⚑
Step 4 of 5

Personalize your profile

Step 5 of 5

Read & agree to our COMMUNITY RULES

  1. We want this server to be a welcoming space! Treat everyone with respect. Absolutely no harassment, witch hunting, sexism, racism, or hate speech will be tolerated.
  2. If you see something against the rules or something that makes you feel unsafe, let staff know by messaging @admin in the "support-tickets" tab in the Live DevChat menu.
  3. No age-restricted, obscene or NSFW content. This includes text, images, or links featuring nudity, sex, hard violence, or other graphically disturbing content.
  4. No spam. This includes DMing fellow members.
  5. You must be over the age of 18 years old to participate in our community.
  6. You agree to our Terms of Service (https://www.devheads.io/terms-of-service/) and Privacy Policy (https://www.devheads.io/privacy-policy)
By clicking "Finish", you have read and agreed to the our Terms of Service and Privacy Policy.

Best Practices for Storing Device-Specific SAS Tokens for Multi-Endpoint Communication

Or Ask a Question?

Hi guys @IoT Cloud I plan on making a solution where devices need to communicate with multiple endpoints, including an API for non-telemetry data. To avoid additional authentication methods, I’m considering using device-specific SAS tokens generated by a back-end service. Would it be safe to store these tokens in desired properties, or is it better to use the payload of a cloud-to-device message? Are there other recommended approaches for this?

  1. Joseph Ogbonna#0000
    November 21, 2024 at 10:26 pm

    Storing SAS tokens in desired properties or cloud-to-device message payload has security risks. Consider alternative approaches like device-specific certificates or OAuth for secure authentication and authorization. Consult security experts for the best solution.

    I think @lmtx can help out here

  2. Daniel kalu#0000
    November 21, 2024 at 10:26 pm

    Thanks for the warning. Can you please provide more info on using device-specific certificates or OAuth for secure authentication and authorization, Any resources or guidance would be helpful too

  3. Joseph Ogbonna#0000
    November 21, 2024 at 10:26 pm

    This will be of help

    https://my.avnet.com/silica/solutions/iot/secure-device-management-provisioning/iot-security-series/device-authentication-authorisation/

CONTRIBUTE TO THIS THREAD

Browse other questions tagged 

or  Ask Your Own Question?

Learning PCB Design with MCUs and Sensors

PCB Silkscreen Color Options

Feedback on PCB Business Card Design

IoT Sensor Board Design for Environmental Monitoring

RELATED THREADS
Upcoming Events

21

Mar

DevHeads Weekly Office Hours – Fridays at 15:00 GMT

21

Mar

DevHeads Weekly Office Hours – Fridays at 15:00 GMT

21

Mar

DevHeads Weekly Office Hours – Fridays at 15:00 GMT

Leaderboard

RANKED BY XP

All time
  • 1.
    Avatar
    @Nayel115
    1620 XP
  • 2.
    Avatar
    @UcGee
    650 XP
  • 3.
    Avatar
    @melta101
    600 XP
  • 4.
    Avatar
    @chitour
    600 XP
  • 5.
    Avatar
    @lifegochi
    250 XP
  • 6.
    Avatar
    @Youuce
    180 XP

Learning PCB Design with MCUs and Sensors

PCB Silkscreen Color Options

Feedback on PCB Business Card Design

IoT Sensor Board Design for Environmental Monitoring