What if you just want to call an Azure Function from an Edge Module?

How do you authenticate this call and make sure that it is coming from a specific module/device?

Imagine a scenario in which you need to trigger a firmware update on your Edge Device. If you want to keep access to your firmware repository private, you may send a temporary, short-lived storage resource URL to your IoT Edge device via a change in the Desired Properties of your module twin.

Let’s say that your device will be offline for hours before receiving the desired twin change and triggering the firmware update.

What if, when the device gets back online, the previously set token has expired? You would not be able to download the firmware.

Of course, instead of injecting a storage URL, you could just call an Azure Function to retrieve the storage URL (with Shared Access Signature) and go on with the firmware update process. How do you make sure that this is an authenticated and authorized call?

Obviously, this is not the only scenario covered here: it’s up to your imagination what you could achieve with this kind of authentication.

If you want to know more and have some sample solutions, feel free to have a look at my GitHub repository here