Google Cloud IOT Example on ESP8266
Clone or download
Latest commit 8d1a621 Jan 17, 2019

Google Cloud IoT JWT

This is an example of how to generate JSON Web Token (JWT) credentials for connecting to Google Cloud IoT Core.

This contains two parts: a library to make a JWT (json web token) which is used to authenticate with Google Cloud IOT, and Arduino sketches that demonstrate how to connect to Google Cloud IOT using the available HTTP and MQTT bridges.

This example is not an officially supported Google product, does not have a SLA/SLO, and should not be used in production.

Supported hardware targets

Currently, we support the following hardware targets:

  • Genuino MKR1000 and WiFi101
  • Espressif ESP32
  • Espressif ESP8266


Some examples use specific dependencies that need to be installed via the Arduino Library manager.


First, install the library using the Arduino Library Manager.

  • Open Arduino and select the Sketch > Include Library > Library Manager menu item.
  • In the filter box, search for "Google Cloud IoT JWT".
  • Install the library

Next, enable the Cloud IoT Core API by opening the Google Cloud IoT Core console.

Next, create your device registry as described in the Quickstart or by using the Google Cloud SDK.

If you're using the SDK, the following commands will setup PubSub and Cloud IoT Core for testing on your Arduino device:

Create the PubSub topic and subscription:

gcloud pubsub topics create atest-pub --project=YOUR_PROJECT_ID
gcloud pubsub subscriptions create atest-sub --topic=atest--pub

Create the Cloud IoT Core registry:

gcloud iot registries create atest-registry \
  --region=us-central1 --event-notification-config=topic=atest-pub

Generate an Eliptic Curve (EC) private / public key pair:

openssl ecparam -genkey -name prime256v1 -noout -out ec_private.pem
openssl ec -in ec_private.pem -pubout -out ec_public.pem

Register the device using the keys you generated:

gcloud iot devices create atest-dev --region=us-central1 \
    --registry=atest-registry \
    --public-key path=ec_public.pem,type=es256

At this point, your registry is created and your device has been added to the registry so you're ready to connect it.

Select one of the available samples from the File > Examples > Google Cloud IoT Core JWT menu and find the configuration section (ciotc_config.h in newer examples).

Find and replace the following values first:

  • Project ID (get from console or gcloud config list)
  • Location (default is us-central1)
  • Registry ID (created in previous steps, e.g. atest-reg)
  • Device ID (created in previous steps, e.g. atest-device)

You will also need to extract your private key using the following command:

openssl ec -in ec_private.pem -noout -text

... and will need to copy the output for the private key bytes into the private key string in your Arduino project.

When you run the sample, the device will connect and receive configuration from Cloud IoT Core. When you change the configuration in the Cloud IoT Core console, that configuration will be reflrected on the device.

Before the examples will work, you will also need to configure the root certificate as described in the configuration headers.


You can see the Arduino client library in action in the Cloud IoT Demo from Google I/O 2018

Error codes

If you're using a sample that uses PubSub MQTT, the error codes are listed in this header file.

The error codes for the lwMQTT library are listed in this header file.

Known issues

If you're using PlatformIO with the PubSub client, add the following line to your platformio.ini to increase the packet size in the build step.

build_flags = -DMQTT_MAX_PACKET_SIZE=384 

HTTP Examples

  • We occasionally encounter 403 errors on these samples, not sure of the cause. In some cases, it seems this is occurring due to invalid / bad iss / exp fields in the JWT.
  • Transmitting telemetry seems less reliable than setting state and getting device configuration.


Apache 2.0; see LICENSE for details.


This project is not an official Google project. It is not supported by Google and Google specifically disclaims all warranties as to its quality, merchantability, or fitness for a particular purpose.