Bosch IoT Asset Communication

Work in the context of another application using the console

By default, a developer would open the Bosch IoT Suite Console from the list of service subscriptions and will thus act in the context of one specific subscription.

However, in this example we want to share one thing with another application -and act as another application to check our work.

Prerequisites

  • You have 2 subscriptions: e.g., one of type Asset Communication package and one of type Device Management package.

  • For the Device Management package you will need an OAuth2 client. See Create a Suite Auth client in case you have not created one yet.

Goal

We assume the subscription of the Device Management package needs to read a thing, which belongs to Asset Communication package instance.
After updating the policy, you will change the context to verify, if the Device Management package instance can now see it.
By authenticating with the OAuth2 token, you will act on behalf of the Device Management package.

Use the developer console managing your things

If you start in the Suite portal, the navigation items would be:

In case you have provisioned already devices, you should be able to see the list of Things.

Add a new policy entry to allow DMP to read the things path

Create a new policy entry

  • Label can be for example DMP.

  • The subject is of type "iot-suite" and holds a service instance ID of the Device Management package instance. Type is only descriptive so we set dmp.

    The correct notation field 5 is /service-instance.<the-ID>.iot-things


  • Grant read and write permission for the resource path "thing:/".

Now, the other subscription should be allowed to read and write the thing.

images/confluence/download/attachments/1529085723/policy-forDMP.png

Change the context of the acting subject

Open a new browser tab,

Open your user details and click Act as application.

images/confluence/download/attachments/1529085723/act-as-application-change.png

A pop-up will appear where you can enter the token, which will temporarily overwrite your authentication. Thus, you will be working in the context of the Device Management package.

images/confluence/download/attachments/1529085723/token-entry-field.png

Upon success, the console will read out some of the information included in that token, in order to give you the possibility to check again it is the one you wanted to be applied.

images/confluence/download/attachments/1529085723/robo-acting-as-application.png

Check your work

Check the visibility for the application

Acting as the application you should be able see the thing. However, as the Things list in the developer console will show by default only the things of the current subscription - which is Device Management package - you will not see it.

However, you can add a filter for the namespace used for the thing in the subscription of origin, and make it visible.

images/confluence/download/attachments/1529085723/things-filter.png

Go back to your subscription

Click the robot and stop acting as the application.

Now you are back to your common environment.