nrf9160

Set command

The set command creates a JSON Web Token (JWT).

Syntax:

%JWT=[<alg>],[<exp_delta>],[<subject>],[<audience>][,<sec_tag>,<key_type>]

Response syntax:

%JWT: <jwt>
+CME ERROR code
50 – Incorrect parameters.
51 – Command is disabled in this software build.
513 – Key not found (<sec_tag>, <key_type>).
514 – Could not read key (<sec_tag>, <key_type>).
525 – Error in JWT creation.
Note: If %JWT is given without the optional <sec_tag> and <key_type> parameters, device identity private key is used to sign the JWT.

The set command parameters and their defined values are the following:

<alg>
Integer
Defines the JWT signing algorithm. The default value is 0. Other values are currently not supported.
0 – ES256
<exp_delta>
Integer
The number of seconds before expiry. The modem adds the <exp_delta> value to the current time to determine the "exp" (expiration time) claim defined in RFC 7519 4.1.4 identifying the time when or after which the JWT must not be accepted for processing.
If <exp_delta> is not given, or the value is 0, the "exp" and "iat" claims are not included in the JWT.
Note: To get valid "exp" and "iat" claims, the device must have a valid date and time that can be received from the network or set manually (see the +CCLK and %CCLK commands).
<subject>
String
The "sub" (subject) claim for the JWT as defined in RFC 7519 4.1.2. Identifies the principal that is the subject of the JWT.
<audience>
String
The "aud" (audience) claim for the JWT as defined in RFC 7519 4.1.3. Identifies the recipients that the JWT is intended for.
Note: Entering an array of multiple strings is not supported. Only a single audience string supported.
<sec_tag>
Integer
Identifies the key to be used for signing the JWT. The values correspond to the <sec_tag> parameter in %CMNG.
<key_type>
Integer
Type of the key to be used for signing the JWT. The values correspond to the <type> parameter in %CMNG.
2 – Client private key
8 – Endorsement private key
<jwt>
String
Created JWT as Base64Url encoded string.

The following command example creates a JWT:

AT%JWT=0,3600,"ClientAuth","urn:server"