JSON Web Token (JWT) based client authentication in Message Queuing Telemetry Transport (MQTT)

Abstract: This paper is an overview of JSON Web Token (JWT) and Transport Layer Security (TLS) as two primary approaches for authentication of the things on the Internet. JSON Web Token (JWT) is used extensively today for authorization and authentication within the OAuth and the OpenId framework. Recently, the Google Cloud IoT has mandated the use of JWT for both HTTP and Message Queuing Telemetry Transport (MQTT) protocol based clients connecting to the cloud service securely over TLS. MQTT is the protocol of choice in IoT devices and is the primary focus of this paper as the application protocol. Another popular cloud platform Amazon Web Service (AWS) uses the TLS mutual authentication for client authentication. Any comparison provided here between the two approaches is primarily from a constrained device client perspective.