Multiple users requiring access to a single device

Hi all,

I am working on a consumer IoT product and we’re using two-legged authentication architecture. We create customer accounts on our backend and accompanying Particle shadow customer accounts at the same time. When a user logins into our app we provide them with a Particle token and that is how they communicate with their device.

We want to implement a feature that allows multiple users to share a device. At the moment, the idea would be to share a single Particle Shadow customer account with multiple users. The issue with that approach is that all users would have the same privilege level because they are all using the same token. Ideally for our feature we would like to have a single product owner and other users would be considered guests.

I was hoping to get some insight in best practices for authentication for multiple users and device relationships.

1 Like

Hi there, sorry for letting this ticket sit unanswered - we discussed this in detail in a support ticket. A summary is as follows:

It should be possible to generate more than one access token per shadow customer. You can find more information about access token creation in a shadow customer context here. However, as you suspect, this does not create any kind of hierarchy with respect to access.

If you are interested in a more deeply-tiered hierarchy of access, which I suspect you are, then you would likely need to proxy another level of abstracted authentication within your own system (you own infrastructure).