Setup and authentication

Config

The client classes in the das package need access information to connect to services (IoT-TICKET, Databricks, Azure Function App). There are three ways to provide that information:

Set the configuration file (instructions below).
Set the environment variables (if both are set, this overrides the config file).
Give them as parameters for the respective client class constructor (This overrides the two options above).

To initialize the config file:

Create the .das folder in your user's home directory: /home/$USER/.das/config.ini
Create the config.ini file in that directory or run das config init in a command line to create the file and placeholders in it.
Add your environment's information in your config file

The content of the config.ini file for initializing IoTClient, DatabricksClient, and AzureFunctionsClient:

[iot-ticket]
            # mandatory
            base_url = https://
            subscription =
            organization_id =
            client_id = 

            # optional
            client_secret =
            username = 
            password =
            identity_provider =
            environment_type =

            [databricks]
            host = https://
            token =

            [azure]
            client_id =
            client_secret =
            tenant_id =
            subscription_id =
            resource_group =
            function_app =

The corresponding environment variable names are:

IOT_TICKET_BASE_URL=https://
            IOT_TICKET_SUBSCRIPTION=
            IOT_TICKET_ORGANIZATION_ID=
            IOT_TICKET_CLIENT_ID=
            IOT_TICKET_CLIENT_SECRET=
            IOT_TICKET_USERNAME=
            IOT_TICKET_PASSWORD=
            IOT_TICKET_IDENTITY_PROVIDER=
            IOT_TICKET_ENVIRONMENT_TYPE=

Authentication

There are two ways to authenticate to IoTClient: The 'legacy' and the 'webapp' authentication flows. Authentication is done within the class constructor.

For legacy flow, all the fields of the config file are required including the authentication information.
iot = IoTClient(auth_flow='legacy') # 'legacy' is also the default value

For webapp login, only the "mandatory" section of the config file is required.
iot = IoTClient(auth_flow='webapp-auto')

Best practices for each option are listed below.

Best practices

If using das-sdk in external services such as Azure or Databricks environments, it is recommended to use environment variables to setup needed parameters and authentication information. Here, the 'legacy' auth_flow should be used to not rely in interactive login.

It is recommended to create a shared user in IoT-TICKET that can be used in external services without setting up personal authentication information in those environments.
It is recommended to use keyvaults or other similar services for sensitive information in external environments.

If using das-sdk and the IoTClient in a local environment, the best practice is setting up the config file and using 'legacy' authentication flow. The webapp authentication flows can be used for quick testing or if the user is already logged in IoT-TICKET with the browser or if the user does not want to set up secrets within the config.ini file.
If using das-sdk in longer-running operations or for exploration in local jupyter notebooks, a keep_alive parameter can be set to True to keep updating the access token in a separate thread: iot = IoTClient(keep_alive=True)
If working in multiple IoT-TICKET environments, the user can set up multiple config.ini files in the .das folder and reference them by file name to connect to a specific environment: iot = IoTClient(config_name='other_environment_config.ini')