Azure IoT Hub SAS Token doesn't expire

1
votes
  • SDK: C#
  • Version: Microsoft.Azure.Devices.Client 1.2.3

  • Bug reproduction code:
    Let the following run for 15 minutes or so* and you'll see that sending still succeeds although the token should have expired.

    var hostName = ...
var deviceId = ...
var sasToken = new SharedAccessSignatureBuilder
    {
        Key = sharedAccessKey,
        Target = $"{hostName}/devices/{deviceId}",
        TimeToLive = TimeSpan.FromMinutes(5)
    }
    .ToSignature();

var authenticationMethod = new DeviceAuthenticationWithToken(deviceId, sasToken);
var connectionString = IotHubConnectionStringBuilder
    .Create(hostName, authenticationMethod)
    .ToString();
var deviceClient = DeviceClient
    .CreateFromConnectionString(connectionString, TransportType.Mqtt);

while (true)
{
    Console.WriteLine($"{DateTime.UtcNow}: Sending");
    var messageContent = Encoding.UTF8.GetBytes("{}");
    var message = new Message(messageContent);
    await deviceClient.SendEventAsync(message);
    await Task.Delay(TimeSpan.FromSeconds(10));
}

Correct me if I'm wrong, but does that mean that an open connection never expires? Whose fault is this? I would say that the IoT Hub should close the connection when the token expires, right?

* Internally a token seems to be valid for five more minutes, because that's what they define as MaxClockSkew. So to save you some time you can set SharedAccessSignatureBuilder.TimeToLive to -4.9 minutes and the token should expire within 0.1 minutes.

1
c#azure-iot-hubazure-iot-sdk
This is a bug that has already been reported - at the moment if you use MQTT, the token is checked when the device connects, but the device is not disconnected by IoT Hub when the token expires. - Dominic Betts
Ok, thanks. Can you provide a link to the issue? So you mean when using e.g. AMQP you don't have this problem? - Johannes Egger
I don't have a public link to the issue. I just tried with AMQP and got an authorization error when the SAS expired, same happens with HTTP. So the problem only exists with MQTT protocol currently. - Dominic Betts
Bug is still active for package version Microsoft.Azure.Devices.Client 1.5.0. Here is the bug's URL: github.com/Azure/azure-iot-sdk-c/issues/163 Thanks! - Amogh Natu

1 Answers

1
votes

This is a bug that has already been reported - at the moment if you use MQTT, the token is checked when the device connects, but the device is not disconnected by IoT Hub when the token expires. I don't have a public link to the issue. I just tried with AMQP and got an authorization error when the SAS expired, same happens with HTTP. So the problem only exists with MQTT protocol currently.