Which interworking modes does Tuya Cloud support? - iot

Recently, I have been searching for a suitable IoT platform to implement my Cloud startup ideas. Amazon AWS IoT, Microsoft Azure IoT and Apple HomeKit are the popular ones, but they all serve their own closed ecosystems. An interesting platform named Tuya Cloud (https://developer.tuya.com/en/cloud) attracts me, but I don't know which interworking modes it supports.

The Tuya Cloud Platform (https://developer.tuya.com/en/cloud) provides various integration modes based on Tuya's mature IoT services, combining different docking scenarios:
1. Simple mode (implicit authorization):
Tuya Cloud provides a cloud-based docking method based on the OAuth2 protocol. Developers can apply for a cloud API on the Tuya IoT platform, call the Tuya OpenAPI according to the Tuya OpenAPI interface specification, obtain the developer's own user and device data, and control the device through permissions.
For this case, developers need to create OEM applications or create products on the platform. After that, you can get user data or device data based on your development account.
2. Authorization code mode (explicit authorization):
After applying for the cloud API key on the Tuya cloud platform, developers can call the Tuya open interface based on the Tuya OpenAPI interface specification to obtain resource data and authorization scope under authorization Resource data.
For cloud integration scenarios where there is no OEM application in the Tuya platform, Tuya Cloud provides an authorization code method.

Related

ADAL or MSAL for MS Graph for ASP.net application for Azure B2B

We are developing an Azure B2B application to invite users to and access our ASP.NET application that is hosted in Azure. I checked the example https://github.com/Azure/active-directory-dotnet-graphapi-b2bportal-web which uses ADAL for most of the operations. In the example from the above link, MS Graph is called using an access token generated by ADAL, but Microsoft recommends using MSAL.
My question is: which one do we have to use for MS Graph in the ASP.NET application, ADAL or MSAL?
Both of them can help in handling MS Graph, but MSAL provides multiple benefits over ADAL including incremental consent, richer single sign-on experiences, support for personal Microsoft accounts, use of standards-based protocols and so on.
Also, MSAL has good examples available for MS Graph and is easily implemented.
I agree with Hari above. Both MSAL and ADAL are capable of working with MS Graph. But here are the key differences:
Active Directory Authentication Library (ADAL) integrates with the Azure AD for developers (v1.0) endpoint, where MSAL integrates with the Microsoft identity platform (v2.0) endpoint.
The v1.0 endpoint supports work accounts, but not personal accounts. The v2.0 endpoint is the unification of Microsoft personal accounts and work accounts into a single authentication system. With MSAL you can also get authentications for Azure AD B2C as well.
So MSAL enables developers to acquire tokens from the Microsoft identity platform endpoint in order to access secured web APIs. These web APIs can be the Microsoft Graph, other Microsoft APIs, third-party web APIs, or your own web API. MSAL is available for .NET, JavaScript, Android, and iOS, which support many different application architectures and platforms.
Hope this helps.

FIDO Authentication using Windows Hello and WebAuthn

Would like to implement FIDO authentication for our web application using 'Windows Hello' as authenticator and the 'WebAuthn' protocol.
Please let me know the steps involved.
1. Which Windows OS version and build version supports Windows Hello?
2. How to set up a FIDO server?
3. How to integrate our web application with the FIDO server?
4. Can FIDO be used to authenticate back-end web API endpoint access?
1. FIDO2 functionality was initially released in Windows 10 version 1803.
2. Set up a FIDO Server - You'll need to make a couple of design decisions first.
2.1. Pay an IAM solution provider that already offers WebAuthn / FIDO2.
2.2. Build WebAuthn / FIDO2 functionality into your existing authentication system.
2.2.1 Integrate with an authentication service. The authentication service hosts the infrastructure, your app just calls their API.
2.2.2 Spin up standalone WebAuthn / FIDO2 servers on your own infrastructure and integrate it with your existing authentication system.
2.2.3 Integrate WebAuthn / FIDO2 libraries into your existing authentication system (uses existing infrastructure).
3. How you integrate depends on your design decisions outlined above. If you want to learn about integrating a library into your existing authentication system then I would recommend Yubico's Passwordless Workshop.
4. WebAuthn / FIDO2 supports various use cases. Learn more at the FIDO Alliance.
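
To show what a WebAuthn library integrated as in option 2.2.3 checks on the server at login, here is an added example (not part of the original answer, and not any library's own code) that validates the `clientDataJSON` and `authenticatorData` fields of an assertion. The origin, RP ID, function names and sample data are assumptions made for the example, and verifying the signature against the stored public key remains a separate step.

```javascript
const { createHash } = require("node:crypto");

// Assumed relying-party settings (hypothetical values for this example).
const RP = { origin: "https://app.example.com", rpId: "app.example.com" };

const fail = (reason) => ({ ok: false, reason });

// Checks clientDataJSON and authenticatorData of a login assertion.
// Signature verification against the stored public key is a separate step.
function checkAssertion(clientDataJSON, authData, expectedChallenge, requireUV = true) {
  let client;
  try {
    client = JSON.parse(clientDataJSON.toString("utf8"));
  } catch {
    return fail("clientDataJSON is not valid JSON");
  }
  if (client.type !== "webauthn.get") return fail("wrong ceremony type");
  if (client.challenge !== expectedChallenge.toString("base64url")) return fail("challenge mismatch");
  if (client.origin !== RP.origin) return fail("origin mismatch");

  // authenticatorData: rpIdHash (32 bytes) | flags (1) | signCount (4, big-endian) | ...
  if (authData.length < 37) return fail("authenticatorData too short");
  const rpIdHash = createHash("sha256").update(RP.rpId).digest();
  if (!authData.subarray(0, 32).equals(rpIdHash)) return fail("rpIdHash mismatch");
  const flags = authData[32];
  if (!(flags & 0x01)) return fail("user presence missing");
  if (requireUV && !(flags & 0x04)) return fail("user verification missing");
  // The caller compares signCount with the counter stored for this credential.
  return { ok: true, signCount: authData.readUInt32BE(33) };
}

// Constructed sample input, not captured from a real authenticator.
function sampleAssertion(challenge, origin, flags) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"), origin,
  }));
  const authData = Buffer.concat([
    createHash("sha256").update(RP.rpId).digest(),
    Buffer.from([flags, 0, 0, 0, 7]), // flags byte, then signCount = 7
  ]);
  return { clientDataJSON, authData };
}

const challenge = Buffer.from("constructed-challenge-0001");
const good = sampleAssertion(challenge, RP.origin, 0x05); // UP and UV set
console.log(checkAssertion(good.clientDataJSON, good.authData, challenge));
```

The challenge passed in must be the one the server issued for this session and must be discarded after a single use.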

I need Clarification on Azure App Registration

I need to Register an App in the Azure Portal in order to retrieve a Token for my Windows Desktop application.
Do I select Web App / API or Native?
APPLICATION DETAILS
The main application is a Windows Desktop Executable. It does NOT run on a handheld device (e.g. SmartPhone) NOR is a web browser involved.
We've created a type library using EWS Managed API in order to create appointments directly in Exchange (we use Exchange Online). Now we'd like to use OAuth APIs for Authentication.
Use Native. It corresponds to the OAuth2 public client concept - an application that cannot use/protect secrets. Use WebApp/API for Confidential Clients, e.g. web apps (except SPA), batch services running in protected environments, etc.

Integrating WSO2 API Manager 2.1.0 with Azure AD

We have a requirement to configure Azure AD as a 3rd party key manager in WSO2 API gateway 2.1.0. Is there any reference available for the key manager client implementation with Azure AD?
The scenario is that a mobile app will use Azure AD for authentication. Azure AD returns a token. Mobile app uses this token for API invocation via WSO2 API gateway. As per my understanding, this can be handled by configuring Azure AD as key manager in WSO2 API manager.
Any help in this regard is much appreciated.
Based on my understanding, the WSO2 API Manager uses Key Manager to handle all clients, security and access token-related operations.
To integrate WSO2 API Manager with Azure AD, we need to implement the Key Manager ourselves. Then we can follow this document to configure the Third-Party Key Manager.
See the WSO2 default Key Manager implementation for a sample Key Manager implementation.
And here is a helpful document about integrating applications with Azure AD:
Integrating applications with Azure Active Directory

Strategies for deploying geo replicated Microsoft Graph/Office 365 API based application

We have a web application that uses the Microsoft Graph API and Outlook REST API. We implemented a code authorization flow. This means that it's our web server that handles requests to Microsoft Graph and Office 365 APIs.
We are based in Europe (hosted within Azure). Now we would like to replicate our infrastructure overseas to serve a better end-user experience.
What would be the possible strategies regarding these MS APIs?
Is there a geographical affinity mechanism? Is it based on the geo localization of the requesting app (us) or the localization of the tenant (we have users everywhere)? Will staying within Azure data centers provide better performance? What would be Microsoft's recommendations?
I asked about this, and the answer was that yes, there is an affinity system based on the location of your app. It should hit the instance of Graph or Outlook that's closest to you.
Regarding running in Azure, we are continuously optimizing latencies for Microsoft-owned Azure-based apps & services to access the Graph and Outlook APIs. This work would accrue to all apps and services running in Azure.
