Hi,
I am trying a create a new device using the methodology specified as below. https://forums.losant.com/t/self-register-devices-faster/2534
How do retrieve access secret after creation
Thanks
Subrahmanyam
Access key secrets cannot be retrieved after creation; you need to send the key and secret back to the device in the response to its registration request.
We have a Dynamic Registration template that demonstrates the concept from the forum post. I recommend you start by importing that.
Thanks. Instead of using the manufacturing ID, I want to use the device name in the payload. Currently, I’m using the manufacturing ID as an alias for the device name. Additionally, is there a way to use service credentials instead of a token?
That depends on what you mean by “use service credentials”. The device making the request to Losant cannot use a service credential to send authentication information.
However, you could use a JWT service credential to store a secret used to sign - and then verify - a token unique to each device. The device then sends that token up in the request and you use a JWT: Verify Node that references that credential to ensure the request from the device is legitimate.
Thanks. I tried that and got a malformed jwt error after providing ‘credential id’ to ‘token to decode template’.
In the above, I was referring to token and manufacturingId in the Payload.
You need to provide an actual JWT that was created using the secret you’d be storing in the credential - not just the ID of the credential.
The template I mentioned includes a sample workflow both for generating and for verifying a JWT. The template stores the secret value in an application global; you would just need to create a JWT credential to store the secret and adjust the flows to use the credential instead of the global.
My apologies. After creation, how do access, All I see is Credential ID. I am pretty new to this.
I recommend reading our documentation on service credentials and our blog post announcing the original feature.
The whole point of service credentials is to hide the sensitive authentication information after creation of the credential, and only allow using of it by the Losant back end to interact with third-party services.
So, assuming we are still talking about the same use case that started this thread - dynamic device registration and returning a new access key / secret in response to the registration request - then you should stick with the template I mentioned originally and, if you wish to store the JWT secret in a service credential, to then modify the imported template resources to use a credential for signing the original JWT(s) to distribute to the devices, and also to verify the requests coming back from those devices.
I will also file a ticket to update that template to use a credential instead of globals to store the JWT signing secret.