The final step before the devices can actually start publishing data to Hono is to set credentials for the devices. Hono requires a device to authenticate using these credentials before it accepts any data published by the device. This way, applications consuming the data via Hono’s Telemetry or Event APIs can be sure that the data originates from the device indicated in the telemetry message or event.
Eclipse Hono is designed to support multiple types of credentials, supporting authentication schemes like HTTP Basic auth, MQTT username/password authentication, X.509 client certificates and other TLS ciphers that support client authentication using Pre-Shared Keys or RawPublicKeys.
However, for the sake of simplicity, we will use simple hashed-password credentials which the devices can use to authenticate with the HTTP protocol adapter using HTTP Basic Auth or with the MQTT adapter.
As the name suggests, the Device Registry does not store any passwords in clear text but instead stores a hash of the password only. In order to authenticate a device, a protocol adapter retrieves the hashed password from the registry and compares it to a locally computed hash of the password provided by the device. If the hashes match, the device is authenticated and its data is accepted.
Setting credentials for a device requires upfront computation of the password hash. The hash can then be used in an HTTP request to set the credentials for a device.
Here is the code to compute the hash and set the credentials for the acme-1 device (make sure to use your own device ID for the device-id and auth-id in the JSON payload and your tenant name in the URI):