Overview

Introduction

You can use FunctionGraph to customize the identity authentication logic for devices connected to the platform.

Before connecting a device to the platform, you can use the application to configure custom authentication on the console, and then configure related functions by using FunctionGraph. When the device connects to the platform, the platform obtains parameters such as the device ID and custom authentication function name, and sends an authentication request to FunctionGraph. The user implements the authentication logic to complete access authentication.

Application Scenarios

• Device migration from third-party cloud platforms to IoTDA: You can configure the custom logic to make it compatible with the original authentication mode. No modification is required on the device side.
• Native access: Custom templates provide flexible authentication.

Constraints

• The device must use TLS and support SNI (Server Name Indication). The SNI must carry the domain name allocated by the platform.
• By default, each user can configure up to 10 custom authenticators.
• Max. processing time: 5 seconds. If the function does not return any result within 5 seconds, the authentication fails.
• For max. TPS of authentication requests of a user, see Specifications. The max. TPS of custom authentication is 50% of the total authentication TPS (excluding device self-registration).
• If you have enabled the function of caching FunctionGraph authentication results, the modification takes effect only after the cache expires.
• The custom authentication mode is preferentially used for device access if conditions are met, for example, the custom authenticator name carried by the device is matched or a default custom authenticator has been configured.