| Note |
|---|
This documentation is still in development - use at your own risk |
To authenticate to Cloud ClearBlade IoT Core, each device must prepare a JSON Web Token (JWT, RFC 7519). JWTs are used for short-lived authentication between devices and the MQTT or HTTP bridges. This page describes the Cloud ClearBlade IoT Core requirements for the contents of the JWT.
Cloud ClearBlade IoT Core does not require a specific token generation method. A good collection of helper client libraries can be found on JWT.io.
...
The following sample illustrates how to create a Cloud ClearBlade IoT Core JWT for a given project. After creating the JWT, you can connect to the MQTT or HTTP bridge to publish messages from a device.
...
The JWT header consists of two fields that indicate the signing algorithm and the type of token. Both fields are mandatory, and each field has only one value. Cloud ClearBlade IoT Core supports the following signing algorithms:
...
The JWT payload contains a set of claims, and it is signed using the asymmetric keys. The JWT claim set contains information about the JWT, such as the target of the token, the issuer, the time the token was issued, and/or the lifetime of the token. Like the JWT header, the JWT claim set is a JSON object and is used in the calculation of the signature.
Required claims
Cloud ClearBlade IoT Core requires the following reserved claim fields. They may appear in any order in the claim set.
...
A JSON representation of the required reserved fields in a Cloud ClearBlade IoT Core JWT claim set is shown below:
...
As described in required claims, tokens have expiration dates. If a device is connected over MQTT and its token expires, the device automatically disconnects from Cloud ClearBlade IoT Core. You can prevent the device from disconnecting by automatically refreshing its token. The following samples illustrate how to check whether a token has expired and, if it has, how to reconnect with a new token without disconnecting the device.
...