Google IOT 核心-http 桥“请求缺少必需的身份验证凭据”

Question

I'm trying to get started with google IOT core by posting a simple http request from the command line.

I have set up my registry and device in Console, and added the public key. I set up a telemetry topic. I've generated the JWT using a Qt application I found, using the private key. I'm using the procedure specified at https://cloud.google.com/iot/docs/how-tos/http-bridge . My command is:

curl -X POST -H 'authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJzeWx2YW4tam91cm5leS0xOTU4MTUiLCJleHAiOiIxNTIwMzU4NjMyIiwiaWF0IjoiMTUxOTc1MzgzMiJ9.kDkwtWvfAE+AOYT2cObgh8Mux2n1DOuek1KR0YrsFSI=' -H 'content-type: application/json' --data '{"binary_data": "SGVsbG8="}' -H 'cache-control: no-cache' ' https://cloudiotdevice.googleapis.com/v1/projects/sylvan-journey-195815/locations/europe-west1/registries/MyDeviceRegistry/devices/FirstDevice:publishEvent '

When I try to post the command I get error 401 "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential"

I don't know where to look. Is there a problem with my JWT? Is the format of the command wrong? Do I need to add a public key to the registry or just to the devices. How do I find out what's wrong?

Any guidance much appreciated

Answer 1

A few ideas:

• (Update) Check the JWT is valid on JWT.io
• Regenerate your EC public / private key and register the device again
• Note the maximum lifetime of a token is 24 hours .
• Make sure that your device was registered with the correct credentials, region, and Cloud project.
• Ensure that HTTP is enabled for your registry

How did you register your device? If the device was registered with a certificate that has expired, you could encounter authentication issues.

The following Python code is how I generate JWTs from the commandline for Curl-testing the HTTP endpoint assuming an RSA256 key:

import datetime
import jwt
import requests

algorithm = 'RS256'
cloud_region = 'your-cloud-region'
device_id = 'your-device-id'
private_key_file = 'path/to/rsa_private.pem'
project_id = 'your-project-id'
registry_id = 'your-registry-id'

token = {
        # The time the token was issued.
        'iat': datetime.datetime.utcnow(),
        # Token expiration time.
        'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=60),
        # The audience field should always be set to the GCP project id.
        'aud': project_id
}

# Read the private key file.
with open(private_key_file, 'r') as f:
    private_key = f.read()

print(jwt.encode(token, private_key, 
algorithm=algorithm).decode('ascii'))

The following image shows you the setting in the Cloud Console for enabling HTTP/MQTT that can be found under IoT Core > Registry > Edit Registry. Note that if you disable HTTP, you will not be able to use the HTTP device bridge.