I'm trying to get started with Google IoT Core by posting a simple HTTP request from the command line.

I have set up my registry and device in Console, and added the public key. I set up a telemetry topic. I've generated the JWT using a Qt application I found, using the private key. I'm using the procedure specified at https://cloud.google.com/iot/docs/how-tos/http-bridge. My command is:

curl -X POST -H 'authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJzeWx2YW4tam91cm5leS0xOTU4MTUiLCJleHAiOiIxNTIwMzU4NjMyIiwiaWF0IjoiMTUxOTc1MzgzMiJ9.kDkwtWvfAE+AOYT2cObgh8Mux2n1DOuek1KR0YrsFSI=' -H 'content-type: application/json' --data '{"binary_data": "SGVsbG8="}' -H 'cache-control: no-cache' 'https://cloudiotdevice.googleapis.com/v1/projects/sylvan-journey-195815/locations/europe-west1/registries/MyDeviceRegistry/devices/FirstDevice:publishEvent'

When I try to post the command I get error 401: "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential".

I don't know where to look. Is there a problem with my JWT? Is the format of the command wrong? Do I need to add a public key to the registry or just to the devices? How do I find out what's wrong?

Any guidance much appreciated.

MikeE

1 Answer

A few ideas:

  • (Update) Check the JWT is valid on JWT.io
  • Regenerate your EC public / private key and register the device again
  • Note the maximum lifetime of a token is 24 hours.
  • Make sure that your device was registered with the correct credentials, region, and Cloud project.
  • Ensure that HTTP is enabled for your registry

How did you register your device? If the device was registered with a certificate that has expired, you could encounter authentication issues.

The following Python code is how I generate JWTs from the command line for curl-testing the HTTP endpoint, assuming an RSA256 key:

import datetime

import jwt  # PyJWT; RS256 signing also needs the 'cryptography' package

algorithm = 'RS256'
cloud_region = 'your-cloud-region'
device_id = 'your-device-id'
private_key_file = 'path/to/rsa_private.pem'
project_id = 'your-project-id'
registry_id = 'your-registry-id'

# Take the time once so that iat and exp are derived from the same instant.
now = datetime.datetime.now(tz=datetime.timezone.utc)

token = {
    # The time the token was issued.
    'iat': now,
    # Token expiration time.
    'exp': now + datetime.timedelta(minutes=60),
    # The audience field should always be set to the GCP project id.
    'aud': project_id
}

# Read the private key file.
with open(private_key_file, 'r') as f:
    private_key = f.read()

encoded = jwt.encode(token, private_key, algorithm=algorithm)
# PyJWT 1.x returns bytes, PyJWT 2.x returns str.
if isinstance(encoded, bytes):
    encoded = encoded.decode('ascii')
print(encoded)

The following image shows you the setting in the Cloud Console for enabling HTTP/MQTT that can be found under IoT Core > Registry > Edit Registry. Note that if you disable HTTP, you will not be able to use the HTTP device bridge.


class
  • I tried removing the =. The JWT should not have expired, expiry date 7 days after creating, but I made a new JWT and tried, all the same. – MikeE Mar 01 '18 at 11:19
  • I registered the device using the console. I've checked the project name / region etc. So, the problem must be with my JWT? I tried pasting it into a web tool at jwt.io and it decoded the claims OK, but still said it was an invalid signature. Is there a web-tool which will allow me to generate JWTs, so I can check everything else is correct? – MikeE Mar 01 '18 at 11:19
  • I have the same issue. How did you fix it? Issue on the JWT? Thanks for your feedback! – fro Aug 06 '18 at 10:34
  • Added more suggestions -- I was wrong, the = on the end is valid for the JWT used in authentication. I strongly recommend trying to regenerate a new EC keypair, it appears to me that in some cases the EC keypair is "invalid" (e.g. key used elsewhere?) – class Aug 14 '18 at 21:40
  • Has anyone fixed it? I have the same problem, maybe an issue with an API that is disabled? – Francisco Javier Sánchez Jan 26 '21 at 09:40
  • This API is working, usually this is caused by an invalid JWT. – class Jan 27 '21 at 19:17
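
Added example, not part of the original thread: an offline check of the points raised above (algorithm, audience, numeric `iat`/`exp`, the 24-hour lifetime limit, signature alphabet), run against the token from the question. It assumes Cloud IoT Core's documented RS256/ES256 requirement; the function and constant names are illustrative, and the signature itself is not verified.

```python
import base64
import json

ALLOWED_ALGS = {"RS256", "ES256"}  # asymmetric algorithms Cloud IoT Core accepted
MAX_LIFETIME_S = 24 * 60 * 60      # 24-hour maximum noted in the answer

# Token copied from the curl command in the question.
PAGE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJhdWQiOiJzeWx2YW4tam91cm5leS0xOTU4MTUiLCJleHAiOiIxNTIwMzU4NjMyIiwi"
    "aWF0IjoiMTUxOTc1MzgzMiJ9."
    "kDkwtWvfAE+AOYT2cObgh8Mux2n1DOuek1KR0YrsFSI="
)

def _segment_to_dict(segment):
    """Decode one base64url segment (padding restored) into a JSON object."""
    padded = segment + "=" * (-len(segment) % 4)
    obj = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def diagnose_jwt(token, project_id):
    """List problems visible without the key; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["expected three dot-separated segments"]
    try:
        header, claims = _segment_to_dict(parts[0]), _segment_to_dict(parts[1])
    except ValueError as exc:
        return ["header/payload is not base64url JSON: %s" % exc]
    problems = []
    if header.get("alg") not in ALLOWED_ALGS:
        problems.append("alg is %r, expected RS256 or ES256" % header.get("alg"))
    if claims.get("aud") != project_id:
        problems.append("aud %r is not the project id" % claims.get("aud"))
    iat, exp = claims.get("iat"), claims.get("exp")
    if not all(isinstance(v, (int, float)) for v in (iat, exp)):
        problems.append("iat and exp must be JSON numbers (NumericDate)")
    try:
        lifetime = float(exp) - float(iat)
        if lifetime > MAX_LIFETIME_S:
            problems.append("lifetime of %d s exceeds 24 hours" % lifetime)
    except (TypeError, ValueError):
        pass  # missing or non-numeric values are already reported above
    if "+" in parts[2] or "/" in parts[2]:
        problems.append("signature uses '+' or '/', not the base64url alphabet")
    return problems
```

Called as `diagnose_jwt(PAGE_TOKEN, "sylvan-journey-195815")`, it reports four problems: the HS256 algorithm, string-valued `iat`/`exp`, a 7-day lifetime, and a `+` in the signature.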