The recently release Arduino nano 33 IOT is the latest in a line of impressive open source microcontrollers from Arduino. The Biggest thing to impress me about this little device is the size of the thing eg
Smaller then your pinky finger but packed with wifi and bluetooth, and while these things are not a shadow in terms of computing power to the Nix powered single board computers like the Raspberry Pi or new Azure Sphere devices it is hard to beat these things for simplicity, expand-ability and cost. With the vast improvements in Serverless compute functions with thing like AWS lamba, Azure Functions and Google's Cloud Functions you can create some pretty cool solutions with minimal client side code. In this article however I'm going to look at how you can create code that runs entirely locally so doesn't need the Compute side (and cost and complexity associated with this).
Getting your device up and running
- First step is update the firmware on your device, with the Nano i brought recently there where bugs in the release firmware that cause a bunch of issue and lost time. But as a generally rule runing the latest firmware is going to serve you well.
- Update the root certificates on the device, because the Arduino only has a small subset of root certificates installed by default you need install to necessary root certificates for the Microsoft Graph and Azure OAuth login endpoints. There is a good article on how to do this here https://www.arduino.cc/en/Tutorial/FirmwareUpdater and you should use the following config to make sure you get all the certs
- Once you have that done all you need is your WifiUserName and Password and some Office365 Credentials.
A word on Security
One of the big advantages of going with a Server or Server-less compute approach vs the method I'm using here is there that you get away from needing to have credentials (essentially in plain text) stored on the device which could be easily dis-assembled from the device itself. So always be a little careful to create an account specific to the task your doing.
Libraries used
The Arduino IDE has a pretty rich ecosystem of libraries that make the coding a little less onerous. The ones I'm using in the Graph projects are
- ArduinoHttpClient - Used to make all the HTTP Request
- ArduinoJson - Used to parse the JSON response, on the of biggest challenges because of the limited amount of memory of the device is parsing the payload for responses but this library has some good method to deal with the tight memory restrictions. ## Authentication The first thing your Arduino needs to do once it connected to the Wifi is authenticate to Azure and get and AccessToken that can be used to access the Microsoft Graph. In this sample I'm using the username@password grant for Azure, this means the Auth is basically just one Post request. However Before you can make the request you do need to create and Application in Azure eg https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app (which will give you a ClientId) and this application needs to be consented to in your tenant (or at least to the user you using) and then grant the rights to the Microsoft Graph for what you want to do. Eg if your sending email give it the SendMail Grant etc see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent. ## Accessing the Microsoft Graph
Once you have an Access Token to access any of the Graph functions is just a matter of doing a REST GET,POST or PATCH (depending on what your trying to do) and sending the Token along eg the following shows a simple REST Get to retrieve Graph Profile which will contain things like phone numbers, and displayname etc
String GetRequest(String AccessToken) {
HttpClient httpClient(wifiClient, "graph.microsoft.com", 443);
httpClient.beginRequest();
httpClient.get("/v1.0/me/");
httpClient.sendHeader("Authorization", ("Bearer " + AccessToken));
httpClient.endRequest();
// read the status code and body of the response
int statusCode = httpClient.responseStatusCode();
String response = httpClient.responseBody();
Serial.print("Status code: ");
Serial.println(statusCode);
Serial.print("Response: ");
Serial.println(response);
}
If you wanted to get the information for a specific user then just change the fourth line like
httpClient.get("/v1.0/users/gscales@domain.com/");
I've created 3 examples in the following Git hub repo https://github.com/gscales/MS-Graph-Arduino/ for getting the Microsoft Graph Profile for a user,
Sending and Email and creating a Calendar Appointment. All of these use the arduino_secrets https://create.arduino.cc/projecthub/Arduino_Genuino/store-your-sensitive-data-safely-when-sharing-a-sketch-e7d0f0 to store private info for the Wifi username and password, office365 credentials and clientId for the application.
Top comments (2)
Thanks for the great article.
However, I'm trying to do a simple HTTPS GET request to my own domain, secured by LetsEncrypt.
It seems that the expiry date of the root certificate is only very short lived. So one would have to update the board over and over again (if I understand it correct).
How to overcome that ?
Hello Martin,
How to do the same thing with nodmcu ?