Almost all OPCUA requests require a session. Session is created and bounds to a secure channel. After creation session have to be activated. When activating, the client provides user credentials to the server. Credentials are represented in the form of identity tokens.

The OPC UA stack supports authentication using the following identity token types:

  • Anonymous

  • User name and password

  • X509 certificate

  • JWT token

  • OAuth2

  • Azure

The OPC UA client and server are responsible for delivering authentication tokens, while the generation and validation of tokens should be implemented separately.