Page Comparison

iat

("Issued At"): The timestamp when the token was created, specified as seconds since 00:00:00 UTC, January 1, 1970. The server may report an error if this timestamp is too far in the past or future (allowing 10 minutes for skew).

MQTT, HTTP

exp

("Expiration"): The timestamp when the token stops being valid, specified as seconds since 00:00:00 UTC, January 1, 1970. The token’s maximum lifetime is 24 hours + skew.

• The server will close all MQTT connections a few seconds after the token expires (allowing for skew) because MQTT does not have a way to cannot refresh credentials. A new token must be minted to reconnect. Because of the allowed skew, in practice, the token’s minimum lifetime will be equal to the acceptable clock skew, even if set to one second.

• When connecting over HTTP, each HTTP request must include a JWT, regardless of expiration time.

• Clients in Network Time Protocol (NTP)-capable devices can use the Google Public NTP Server to keep the device clock synchronized; the requirement for authentication is to keep the clock synchronized with a skew of up to 10 minutes.

MQTT, HTTP

aud

("Audience"): This must be a single string containing the cloud project ID where the device is registered. The authentication will only be allowed with further analysis if the connection request matches this project ID.

MQTT

sk

(“System Key”): This must be a single string containing the ClearBlade Registry’s System Key. This can be obtained by clicking the “API Keys” API Keys button (key icon) at the top-right of the Registry Details page of the ClearBlade Registry.

HTTP

uid

(“User ID”): This must be a single string containing the deviceId of the device.

HTTP

ut

(“User Type”): This must be an integer hard-coded to value 3.

HTTP