0
votes

I am currently looking for a way to revoke the device session of a device that is connected to the Azure IoT Hub.

For example, when a device connects using a certificate and the certificate expires, the device can still send and receive data while it has a valid token.

Our case is if a device overloads our IoT Hub for whatever reason, we would like to be able to revoke the connection immediately. We want to be able to revoke such a token in order to immediately disconnect a certain device.

Is it even possible to do so? If not, are there workarounds for that?

2 Answers

1
votes

You can disable a device from connecting to the IoT Hub. I just tried this with a simulated device (using the .NET SDK) that was actively sending data. After I turned the switch to Disabled, the connection broke off after a few seconds. This was using the device key, not certificates, but I would assume this might work as well.

0
votes

There is no such thing as a REST API in the Azure IoT Hub to disconnect a connected device. However, the following workarounds can help:

  1. Based on the MQTT Device protocol, only one device with the same ID can be connected to the Azure IoT Hub, so connecting the same device (simulating the same ID) will automatically disconnect a connected one. This workaround doesn't require any change in the device code. You can test it using tools such as MQTTBox, MQTT.fx, etc.

  2. This workaround is based on invoking a device method to perform closing of a device from the device side. You can create a job for the Azure IoT Hub background process to "invoke device method". Note that this workaround requires this feature to be built into the device code. Also, a notification event on the twin desired property change received by the device side can be used for your workaround to close or re-connect the connection with an Azure IoT Hub.

Edit:

  1. As @silent answered, when the state is changed from Enable to Disable, the device is automatically going to disconnect from the Azure IoT Hub. You can use a REST API to change this status.

I do recommend building some retry policy into the device for re-connecting it to the Azure IoT Hub based on the disconnect reason, such as connection lost, user disconnected, etc.
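
The status change described in the answers above can be made through the IoT Hub service REST API by writing the device identity back with `status` set to `disabled`. The following is an added example, not code from either answer or from Microsoft: it builds, without sending, the SAS-authenticated PUT request, and the hub name, policy key, device record and the `API_VERSION` value are constructed or assumed.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import quote, quote_plus, urlencode
from urllib.request import Request

API_VERSION = "2020-03-13"  # assumption: use a service API version your hub supports


def sas_token(resource_uri, policy_name, policy_key_b64, ttl_seconds=300, now=None):
    """Build a short-lived service SAS token for a shared access policy."""
    expiry = int((time.time() if now is None else now) + ttl_seconds)
    to_sign = f"{quote_plus(resource_uri)}\n{expiry}".encode()
    digest = hmac.new(base64.b64decode(policy_key_b64), to_sign, hashlib.sha256).digest()
    return "SharedAccessSignature " + urlencode({
        "sr": resource_uri, "sig": base64.b64encode(digest).decode(),
        "se": str(expiry), "skn": policy_name})


def build_disable_request(hub_host, device, token, reason="disabled by operator"):
    """Return the PUT that writes the identity back with status=disabled.

    `device` is the JSON object returned by GET /devices/{id}; its other
    fields (authentication type, keys or thumbprints) are sent back unchanged.
    """
    body = dict(device, status="disabled", statusReason=reason)
    device_id = quote(device["deviceId"], safe="")
    url = f"https://{hub_host}/devices/{device_id}?api-version={API_VERSION}"
    return Request(url, data=json.dumps(body).encode(), method="PUT", headers={
        "Authorization": token,
        "Content-Type": "application/json",
        "If-Match": f'"{device["etag"]}"',  # reject if the identity changed since the GET
    })


if __name__ == "__main__":
    # Constructed sample values: hub name, policy key and device record are not real.
    hub = "example-hub.azure-devices.net"
    key = base64.b64encode(b"constructed-sample-key").decode()
    device = {"deviceId": "sensor-01", "etag": "MTIzNDU=", "status": "enabled",
              "authentication": {"type": "selfSigned"}}
    req = build_disable_request(hub, device, sas_token(hub, "registryReadWrite", key))
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # urllib.request.urlopen(req) would send it to a real hub.
```

The policy used to sign the token needs registry write permission, and the short `ttl_seconds` keeps the service token itself from outliving the operation.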