Almost all OPC UA requests require a session. A session is created and bound to a secure channel. After being created, the session must be activated. After being activated, the client provides user credentials to the server. Credentials are represented in the form of identity tokens.

The OPC UA stack supports authentication using the following identity token types:

  • Anonymous

  • User name and password

  • X509 certificate

  • JWT token

  • OAuth2

  • Azure

The OPC UA client and server are responsible for delivering authentication tokens, while the generation and validation of tokens should be implemented separately.