The Azure IoT connection requires a SAS token to be generated. I understand how that is done using the tools provided by Azure. So in a production environment does one select a TTL of like 10 years?
I have also seen some use a web service to create a short-lived SAS (https://kevinsaye.wordpress.com/2017/01/05/using-azure-functions-to-generate-an-iot-sas-token/). In that particular example, he used straight HTTP which wouldn’t be advisable. The device would need to store the access key to the token service.
Microsoft’s documentation does refer to a “Token Service” that would generate the SAS token.
Has anyone deployed a decent quantity of devices for commercial use using Azure IoT? How did you handle the SAS token?
Edit: This would be a similar implementation but slightly updated. http://blogs.recneps.net/post/Generating-your-IoT-Hub-Shared-Access-Signature-for-your-ESP-8266-using-Azure-Functions