Posted On: Aug 27, 2020
AWS IoT Core now enables customers to use Custom Authentication to authenticate and authorize messages from IoT devices on MQTT connections. In addition, customers using HTTP or WebSockets to connect to AWS IoT Core can now customize which headers or query parameters they use to pass device credentials to their Authorizers. For example, customers can now pass credentials via the Authorization header or access_token query parameter commonly used in OAuth implementations.
Custom Authentication allows customers to define their own AWS Lambda-based workflows, called Authorizers, to call external identity and access management services to authenticate devices and authorize their operations on AWS IoT Core. As a result, customers can use device credentials, such as JSON Web Tokens or MQTT username and password combinations, generated by their own provisioning service to connect their devices to AWS IoT Core. This eliminates the need to provision new credentials for device fleets already in the field, providing customers with additional flexibility and ease when connecting their devices to AWS IoT Core.