The set command creates a JSON Web Token (JWT).
Syntax:
%JWT=[<alg>],[<exp_delta>],[<subject>],[<audience>][,<sec_tag>,<key_type>]
Response syntax:
%JWT: <jwt>
- +CME ERROR code
- 50 – Incorrect parameters.
- 51 – Command is disabled in this software build.
- 513 – Key not found (<sec_tag>,
<key_type>).
- 514 – Could not read key (<sec_tag>,
<key_type>).
- 525 – Error in JWT creation.
Note: If %JWT is given without the optional
<sec_tag> and <key_type> parameters,
device identity private key is used to sign the JWT.
The set command parameters and their defined values are the following:
- <alg>
- Integer
- Defines the JWT signing algorithm. The default value is 0. Other values are currently
not supported.
- 0 – ES256
- <exp_delta>
- Integer
- The number of seconds before expiry. The modem adds the
<exp_delta> value to the current time to determine the "exp"
(expiration time) claim defined in RFC 7519 4.1.4 identifying the time when
or after which the JWT must not be accepted for processing.
- If <exp_delta> is not given, or the value is 0, the "exp" and
"iat" claims are not included in the JWT.
Note: To get valid "exp" and "iat" claims, the
device must have a valid date and time that can be received from the network or set
manually (see the
+CCLK and
%CCLK commands).
- <subject>
- String
- The "sub" (subject) claim for the JWT as defined in RFC 7519 4.1.2.
Identifies the principal that is the subject of the JWT.
- <audience>
- String
- The "aud" (audience) claim for the JWT as defined in RFC 7519 4.1.3.
Identifies the recipients that the JWT is intended for.
Note: Entering an array of
multiple strings is not supported. Only a single audience string
supported.
- <sec_tag>
- Integer
- Identifies the key to be used for signing the JWT. The values correspond to the
<sec_tag> parameter in %CMNG.
- <key_type>
- Integer
- Type of the key to be used for signing the JWT. The values correspond to the
<type> parameter in %CMNG.
- 2 – Client private key
- <jwt>
- String
- Created JWT as Base64Url encoded string.
The following command example creates a JWT:
AT%JWT=0,3600,"ClientAuth","urn:server"