SAS Token for Azure

The Azure IoT connection requires a SAS token to be generated. I understand how that is done using the tools provided by Azure. So in a production environment does one select a TTL of like 10 years?
I have also seen some use a web service to create a short-lived SAS (Using Azure Functions to generate an IoT SAS Token – Kevin Saye). In that particular example, he used straight HTTP which wouldn’t be advisable. The device would need to store the access key to the token service.

Microsoft’s documentation does refer to a “Token Service” that would generate the SAS token.
(Access control and security for IoT Hub | Microsoft Learn)

Has anyone deployed a decent quantity of devices for commercial use using Azure IoT? How did you handle the SAS token?

Edit: This would be a similar implementation but slightly updated. Steve Spencer's Blog | Generating your IoT Hub Shared Access Signature for your ESP 8266 using Azure Functions

That is a good question. We will look into this on our end.
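As an added example for the short-lived token approach raised in the question (not code from the thread or the linked blogs): a Python sketch of what a token service would run to mint a device-scoped SAS token in the format Microsoft documents for IoT Hub, plus a local check showing how expiry and signature bound the token's usefulness. The hub name, device ID and key are constructed values, and `check_token` is a hypothetical helper for illustration, not IoT Hub's own validation code.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote_plus, urlencode

# Constructed sample values (assumptions, not from the thread).
HUB_HOST = "example-hub.azure-devices.net"
DEVICE_ID = "device-001"
DEVICE_KEY_B64 = base64.b64encode(b"constructed-demo-key-not-a-secret").decode()


def _sign(key_b64, resource_uri, expiry):
    # String-to-sign is "<url-encoded resource URI>\n<expiry>", keyed with
    # the base64-decoded symmetric key, HMAC-SHA256, base64-encoded.
    msg = f"{quote_plus(resource_uri)}\n{expiry}".encode()
    digest = hmac.new(base64.b64decode(key_b64), msg, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def mint_device_token(hub_host, device_id, key_b64, ttl_seconds, now=None):
    """Return a SAS token scoped to one device, valid for ttl_seconds."""
    now = int(time.time()) if now is None else int(now)
    resource_uri = f"{hub_host}/devices/{device_id}"
    expiry = now + ttl_seconds
    fields = {"sr": resource_uri, "sig": _sign(key_b64, resource_uri, expiry), "se": str(expiry)}
    return "SharedAccessSignature " + urlencode(fields)


def check_token(token, key_b64, now=None):
    """Return seconds of validity left; raise ValueError if forged or expired."""
    now = int(time.time()) if now is None else int(now)
    scheme, _, query = token.partition(" ")
    fields = {k: v[0] for k, v in parse_qs(query).items()}
    if scheme != "SharedAccessSignature" or not {"sr", "sig", "se"} <= fields.keys():
        raise ValueError("malformed token")
    expected = _sign(key_b64, fields["sr"], int(fields["se"]))
    if not hmac.compare_digest(expected, fields["sig"]):
        raise ValueError("bad signature")
    remaining = int(fields["se"]) - now
    if remaining <= 0:
        raise ValueError("token expired")
    return remaining
```

Because the expiry is part of the signed string, a device holding only the token cannot extend its lifetime; it has to return to the token service, which is where a revoked or decommissioned device can be refused.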