Authenticate a Thing With Dynamic Registration

This example registers a new identity, authenticates the Thing, and requests an access token for the Thing. The Thing must have an asymmetric key pair for signing, and a CA-signed X.509 certificate that contains the key pair's public key. These are provided in the /path/to/iot-edge/examples/resources directory. The source code for this example is in /path/to/iot-edge/examples/thing/cert-registration/main.go.

This sequence diagram shows how the Thing is registered and authenticated for the session:

From the iot-edge directory, run the thing/cert-registration example: 

cd /path/to/iot-edge
./run.sh example "thing/cert-registration" \
-name "dynamic-thing" \
-url "http://am.localtest.me:8080/openam" \
-audience "/" \
-realm "/" \
-tree "reg-tree" \
-keyfile "./examples/resources/eckey1.key.pem" \
-certfile "./examples/resources/dynamic-thing.cert.pem"
Creating Thing dynamic-thing... Done
 Requesting access token... RequestAccessToken response:  {
   "access_token":"84T-lIAwUImk9NTP6ObKKWZouW8",
   "scope":"publish",
   "token_type":"Bearer",
   "expires_in":3599
 }
 Done
 Access token: 84T-lIAwUImk9NTP6ObKKWZouW8
 Expires in: 3599
 Scope(s): [publish]

 ______     __  __
 /\  __ \   /\ \/ /
 \ \ \/\ \  \ \  _"-.
 \ \_____\  \ \_\ \_\
 \/_____/   \/_/\/_/

The Thing is now registered with the ID dynamic-thing. It is authenticated to AM and has received an access token.

If you sign in to the AM Admin UI and select Identities in the Top Level Realm, you will see the dynamic-thing in the list.

Read a different version of :