JSON Web Token (JWT) based client authentication in Message Queuing Telemetry Transport (MQTT)
It addresses authentication challenges for IoT devices, but is incremental as it reviews existing methods without introducing new solutions.
This paper compares JSON Web Token (JWT) and Transport Layer Security (TLS) for client authentication in IoT, focusing on MQTT protocols used by platforms like Google Cloud IoT and AWS.
This paper is an overview of JSON Web Token (JWT) and Transport Layer Security (TLS) as two primary approaches for authentication of the things on the Internet. JSON Web Token (JWT) is used extensively today for authorization and authentication within the OAuth and the OpenId framework. Recently, the Google Cloud IoT has mandated the use of JWT for both HTTP and Message Queuing Telemetry Transport (MQTT) protocol based clients connecting to the cloud service securely over TLS. MQTT is the protocol of choice in IoT devices and is the primary focus of this paper as the application protocol. Another popular cloud platform Amazon Web Service (AWS) uses the TLS mutual authentication for client authentication. Any comparison provided here between the two approaches is primarily from a constrained device client perspective.