I built a similar solution to this using Python. I was able to verify with the aws iot test-invoke-authorizer command that it is returning a policy (denial of course, as there are no query string args to use with this tool).
Using the index.html solution you provide in this repo, I am unable to establish a connection using the token (first two segments concatenated with the '.' between) and the signature (the last portion of the JWT with additional regex work I saw in your example sig.replace(/_/gi, '/').replace(/-/gi, '+') + '==') which honestly I am confused by what this is doing other than making it fit a regex used by the aws cli command mentioned previously.
I also created a thing in IoT core for good measure mqtt_client but I am thinking this might not be necessary since I am using an Azure AD token and the keys provided by its public .well-known document (as described in the README).
When I hit connect in the web tool, it seems to get stuck in a loop attempting to make the websocket connection with the query string values provided by the UI. It continuously closes the connection and tries again. The error object in the callback does not seem to be defined and the HTTP Status codes are all 101.
I guess I am wondering if there is something I am missing here? If the custom authorizer is able to return the policy with rights to iot:Connect and I used '*' for the resource value just for testing, then what would keep the browser client (running locally) from establishing the connection via websocket? Any ideas? Thanks in advance!
Thanks for the feedback, and great that you find this example useful. I have added an explanation of why sig.replace(/_/gi, '/').replace(/-/gi, '+') + '==' is needed.
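An added example, not code from the repository or from either comment above: a JWT signature segment is base64url without padding (RFC 7515), and the replace chain maps it back to the standard base64 alphabet. This sketch goes beyond the fixed '==' by computing the padding from the segment length, since '==' is only correct when the length modulo 4 is 2 (for example a 256-byte signature). The function names and the sample token are constructed for illustration.

```javascript
// Added illustration; function names are hypothetical, sample data is constructed.

// Convert unpadded base64url (RFC 4648 section 5) to padded standard base64.
function base64UrlToBase64(b64url) {
  if (!/^[A-Za-z0-9_-]*$/.test(b64url)) {
    throw new Error('not a base64url string');
  }
  const rem = b64url.length % 4;
  if (rem === 1) {
    // No byte sequence encodes to a length of 4n+1 characters.
    throw new Error('invalid base64url length');
  }
  const std = b64url.replace(/-/g, '+').replace(/_/g, '/');
  return std + '='.repeat((4 - rem) % 4);
}

// Split a compact JWT into the signed part ("header.payload") and the
// signature re-encoded as standard base64, the two values the issue
// describes entering into the web client.
function splitJwt(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3 || parts.some((p) => p.length === 0)) {
    throw new Error('expected three non-empty JWT segments');
  }
  return {
    token: parts[0] + '.' + parts[1],
    signature: base64UrlToBase64(parts[2]),
  };
}

// Constructed sample: a JWT-shaped string whose "signature" is sigLength
// bytes of 0xfb, chosen so the encoding contains '-' and '_'. Not a real token.
function sampleJwt(sigLength) {
  const enc = (buf) =>
    buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  const header = enc(Buffer.from('{"alg":"RS256","typ":"JWT"}'));
  const payload = enc(Buffer.from('{"sub":"constructed-sample"}'));
  return header + '.' + payload + '.' + enc(Buffer.alloc(sigLength, 0xfb));
}

const demo = splitJwt(sampleJwt(256));
console.log(demo.signature.length, demo.signature.slice(-4));
```
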