Page Comparison

iat

("Issued At"): The timestamp when the token was created, specified as seconds since 00:00:00 UTC, January 1, 1970. The server may report an error if this timestamp is too far in the past or future (allowing 10 minutes for skew).

exp

("Expiration"): The timestamp when the token stops being valid, specified as seconds since 00:00:00 UTC, January 1, 1970. The token’s maximum lifetime of a token is 24 hours + skew.

• The server will close all MQTT connections a few seconds after the token expires (allowing for skew) because MQTT does not have a way to refresh credentials. A new token must be minted to reconnect. Because of the allowed skew, in practice, the token’s minimum lifetime of a token will be equal to the acceptable clock skew, even if it is set to one second.

• When connecting over HTTP, each HTTP request must include a JWT, regardless of expiration time.

• Clients in Network Time Protocol (NTP)-capable devices can use the Google Public NTP Server to keep the device clock synchronized; the requirement for authentication is to keep the clock synchronized with a skew of up to 10 minutes.

aud

("Audience"): This must be a single string containing the cloud project ID where the device is registered. If the connection request does not match this project ID, the authentication will be denied without further analysis.