This topic is used by the cloud to send a JWT token to the device after successful authentication via QR code scanning. The device will use this token to authenticate future communications with the cloud.
Request Topic and Payload
Topic
things5-production/v1/devices/<device-id>/authentication_token
Payload Representation
{
"access_token": {access_token},
"expires_in": 3600,
"refresh_expires_in": 1800,
"refresh_token": {refresh_token},
"token_type": "Bearer",
"id_token": {id_token},
"not-before-policy": 0,
"session_state": {UUID},
"scope": "openid profile email"
}
The cloud will publish a message to this topic after the mobile device has successfully scanned the QR code and the session has been authenticated.
Payload Parameters
| type | description | example |
|---|---|---|
| access_token | JWT token that the device will use for authenticating HTTPS requests. | eyJhbGciOiASU-... |
| refresh_token | JWT token that the device will use to keep the session active. | eyJhbGciOiASU-... |
Example response
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJWSk1CenoxVi1SSFN0SWwzbDJqcVd2WVl2NUZtbjJCSW5ySldwX2UzVzN3In0.eyJleHAiOjE3MDkyMzcyMjMsImlhdCI6MTcwOTIwMTMxNCwianRpIjoiYmUxMGUzMGYtODNlMC00NjY4LTgwYzAtZDRiYmNjOGM2OTA2IiwiaXNzIjoiaHR0cHM6Ly9rZXljbG9hay52aXN1cC5tZS9hdXRoL3JlYWxtcy90aGluZ3M1LXN0YWdpbmciLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiYTkzNTNhNjEtN2JjZS00MWYyLWE1MzctMGJmYjE1OTc4ZjU4IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYXBpIiwic2Vzc2lvbl9zdGF0ZSI6IjMwMjMzMGJhLTg0N2EtNGNmZC05NDllLTNkZjA5ZGUwOWVkNyIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJkZWZhdWx0LXJvbGVzLXRoaW5nczUtc3RhZ2luZyIsIm9mZmxpbmVfYWNjZXNzIiwidW1hX2F1dGhvcml6YXRpb24iXX0sInJlc291cmNlX2FjY2VzcyI6eyJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIGVtYWlsIiwic2lkIjoiMzAyMzMwYmEtODQ3YS00Y2ZkLTk0OWUtM2RmMDlkZTA5ZWQ3IiwiZW1haWxfdmVyaWZpZWQiOnRydWUsIm5hbWUiOiJBbmRyZWEgR3Jvc3NldHRpXHVEODNEXHVEQzEzIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYW5kcmVhQHZpc3VwLml0IiwiZ2l2ZW5fbmFtZSI6IkFuZHJlYSIsImZhbWlseV9uYW1lIjoiR3Jvc3NldHRpXHVEODNEXHVEQzEzIiwiZW1haWwiOiJhbmRyZWFAdmlzdXAuaXQifQ.MRLjWLW4Voi2N3n5y4CKAdw26gZDhBp0dW7cXrBSBbzVu6mLvW63Yg8ogiw7UMO3-B0afyrREo9SGeWJUryzE8BEKGAnuA_3kfZsaV_s6UrGuGX_Q-FCmNAdN1CBT8AvnbbryQlp0nfILaIHi4_ThGnsMq5I_JH6HStseePXPdZeEpuBW6R7mhs4eihI05rjAnUR8AxesHrHK1zjjqBloJdsdEWqinzvpQ8gtEtd116zpgtT6wNyzQh44FMiCQNfXoXDZuvuwpjHOdbF9QCvd_ZJ-Dg9zKZymBz-tY0J4KRP6BD_C9r3eXTv96PzgphcX_Jnf_FnBN53czUx5FE9HQ",
"expires_in": 35909,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI2N2NjZjRkMS1jOGZmLTQ2OTYtODk0Zi1hNzhjZGUxOTdiNjAifQ.eyJleHAiOjE3MDkyMDMxMTQsImlhdCI6MTcwOTIwMTMxNCwianRpIjoiM2Y5ZDBjNjgtZjUxNy00NjI0LTgyMzEtNjBmNDY2ZTZlNDRiIiwiaXNzIjoiaHR0cHM6Ly9rZXljbG9hay52aXN1cC5tZS9hdXRoL3JlYWxtcy90aGluZ3M1LXN0YWdpbmciLCJhdWQiOiJodHRwczovL2tleWNsb2FrLnZpc3VwLm1lL2F1dGgvcmVhbG1zL3RoaW5nczUtc3RhZ2luZyIsInN1YiI6ImE5MzUzYTYxLTdiY2UtNDFmMi1hNTM3LTBiZmIxNTk3OGY1OCIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJhcGkiLCJzZXNzaW9uX3N0YXRlIjoiMzAyMzMwYmEtODQ3YS00Y2ZkLTk0OWUtM2RmMDlkZTA5ZWQ3Iiwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSBlbWFpbCIsInNpZCI6IjMwMjMzMGJhLTg0N2EtNGNmZC05NDllLTNkZjA5ZGUwOWVkNyJ9.bguGHmvt9xRcAiCWyDDziuGuM0Kft8q7OMD-U6fMSo8",
"token_type": "Bearer",
"id_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJWSk1CenoxVi1SSFN0SWwzbDJqcVd2WVl2NUZtbjJCSW5ySldwX2UzVzN3In0.eyJleHAiOjE3MDkyMzcyMjMsImlhdCI6MTcwOTIwMTMxNCwiYXV0aF90aW1lIjowLCJqdGkiOiJkY2RmMWI0NC1iZDkyLTQ4YjYtYTRjNS1jODA5OTg0YTk0MGQiLCJpc3MiOiJodHRwczovL2tleWNsb2FrLnZpc3VwLm1lL2F1dGgvcmVhbG1zL3RoaW5nczUtc3RhZ2luZyIsImF1ZCI6ImFwaSIsInN1YiI6ImE5MzUzYTYxLTdiY2UtNDFmMi1hNTM3LTBiZmIxNTk3OGY1OCIsInR5cCI6IklEIiwiYXpwIjoiYXBpIiwic2Vzc2lvbl9zdGF0ZSI6IjMwMjMzMGJhLTg0N2EtNGNmZC05NDllLTNkZjA5ZGUwOWVkNyIsImF0X2hhc2giOiJYYlQwODdiUXlla3JNQW8zX0owY3RBIiwic2lkIjoiMzAyMzMwYmEtODQ3YS00Y2ZkLTk0OWUtM2RmMDlkZTA5ZWQ3IiwiZW1haWxfdmVyaWZpZWQiOnRydWUsIm5hbWUiOiJBbmRyZWEgR3Jvc3NldHRpXHVEODNEXHVEQzEzIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYW5kcmVhQHZpc3VwLml0IiwiZ2l2ZW5fbmFtZSI6IkFuZHJlYSIsImZhbWlseV9uYW1lIjoiR3Jvc3NldHRpXHVEODNEXHVEQzEzIiwiZW1haWwiOiJhbmRyZWFAdmlzdXAuaXQifQ.NM1A9j5lNKN_jbJcpY2onumY4nARBHNbnAUI8A7WU-GvdRbUiquzLhfYDUDunH87DrEIfepqAROWN9ukcwBX9OD8bnttWr4LPrUbjtV8tfpMLBlvpY_OkvenY1hBLiOitDaKK5mvkdT1iuxS1Fv1EJinRaUYriTi1W0bp4Cx4EHCpiICjp8fQQnasiD_3y0Wq7Me9xIx0asnbtytIXbCZMrbIF750FE3EEGedm4y2vd2cB8OhObtlV5xnKJXJFhKYRsBZisfUuU-NDkx3yvR-BvS8ahHBo2d9grJLX2iU-4I_YH0frUMub8UssqF2qU34oxV2gfrrX9h_JCeIdqU2g",
"not-before-policy": 0,
"session_state": {UUID},
"scope": "openid profile email"
}
- The device should subscribe to this topic after it requests a QR code (https://docs.things5.com/reference/sub-authentication-qr-request), waiting for the JWT token after successful authentication.
- The access_token should be included in the Authorization header of all future HTTP requests made by the device.
- Ensure to handle token expiration, send your refresh_token to https://docs.things5.com/reference/refresh-token to keep your session active.