Browser Test Client Fails to Connect - Similar Solution #17

Closed
napalm684 opened this issue Apr 27, 2022 · 2 comments

napalm684 commented Apr 27, 2022

I built a similar solution to this using Python. I was able to verify with the `aws iot test-invoke-authorizer` command that it is returning a policy (denial of course, as there are no query string args to use with this tool).

Using the index.html solution you provide in this repo, I am unable to establish a connection using the token (first two segments concatenated with the '.' between) and the signature (the last portion of the JWT with additional regex work I saw in your example, `sig.replace(/_/gi, '/').replace(/-/gi, '+') + '=='`), which honestly I am confused by what this is doing other than making it fit a regex used by the aws cli command mentioned previously.

I also created a thing in IoT Core for good measure, `mqtt_client`, but I am thinking this might not be necessary since I am using an Azure AD token and the keys provided by its public .well-known document (as described in the README).

When I hit connect in the web tool, it seems to get stuck in a loop attempting to make the websocket connection with the query string values provided by the UI. It continuously closes the connection and tries again. The error object in the callback does not seem to be defined and the HTTP Status codes are all 101.

I guess I am wondering if there is something I am missing here? If the custom authorizer is able to return the policy with rights to iot:Connect and I used '*' for the resource value just for testing, then what would keep the browser client (running locally) from establishing the connection via websocket? Any ideas? Thanks in advance!

@napalm684
Author

It appears the issue was my principalId had hyphens in it. Working now that I stuck to alphanumeric. Thanks for the great example!

@massi-ang
Owner

Thanks for the feedback, and great that you find this example useful. I have added an explanation of why `sig.replace(/_/gi, '/').replace(/-/gi, '+') + '=='` is needed.
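
What the signature conversion quoted in this thread does, and the principalId constraint that resolved the issue, as an added example that is not code from the repository or from either commenter. JWT signatures are unpadded base64url, so `-` and `_` are mapped back to `+` and `/` and the padding is restored, computed from the length here instead of fixed at `==` (which is the right amount for a 256-byte signature). The function names are hypothetical, and the 1 to 128 alphanumeric limit on principalId is an assumption taken from AWS's custom authorizer documentation.

```javascript
// Added example: function names are hypothetical, sample values are constructed.

// JWT segments are unpadded base64url (RFC 7515). Map the URL-safe alphabet
// back to standard base64 and restore the '=' padding from the length.
function base64UrlToBase64(b64url) {
  if (!/^[A-Za-z0-9_-]+$/.test(b64url)) {
    throw new Error('input is not base64url');
  }
  const rem = b64url.length % 4;
  if (rem === 1) {
    throw new Error('impossible base64url length');
  }
  const std = b64url.replace(/-/g, '+').replace(/_/g, '/');
  return std + '='.repeat((4 - rem) % 4);
}

// Split a compact JWT into the signed part (header.payload) and the
// signature, converted to padded standard base64.
function splitJwt(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3 || parts.some((p) => p.length === 0)) {
    throw new Error('expected three non-empty JWT segments');
  }
  return {
    token: parts[0] + '.' + parts[1],
    signature: base64UrlToBase64(parts[2]),
  };
}

// Assumption: principalId must match [a-zA-Z0-9]{1,128}. Stripping characters
// can merge distinct identifiers in general; it cannot for GUIDs, where the
// hyphens sit at fixed positions.
function toPrincipalId(claim) {
  const id = String(claim).replace(/[^A-Za-z0-9]/g, '').slice(0, 128);
  if (id.length === 0) {
    throw new Error('claim has no alphanumeric characters');
  }
  return id;
}

// Constructed sample: not a real token or identity.
const sample = splitJwt('aGVhZGVy.cGF5bG9hZA.-_8');
console.log(sample.token, sample.signature);
console.log(toPrincipalId('0f8fad5b-d9cb-469f-a165-70867728950e'));
```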
