• State Verified Answer
  • Replies 2 replies
  • Subscribers 75 subscribers
  • Views 635 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 306912
Options

AT JWT results in error 50 (Incorrect parameters)

J0sh1101

Hi,

I need to generate the JWT, but it gives me wrong parameter error, Error 50. My commnd looks like this:

AT%JWT=0,300,"nrf-352656106443289","",16842753,2

I extracted this command from the nrf cloud rest fota example with a printk(). (The rest fota example gives me this error.)

I decided to do it manually as well, and I found that it works fine if I don't use the security flag. So I assume that there is something wrong with the credentials stored on slot 16842753. However, the credentials were generated by AWS and are used in an MQTT application that works fine. I can see that the connection is established, and I can also subscribe to the topic. So I think they are valid, right?

I updated the certifaces according to steps described on this website.

The following is a snippet of AT commands that execute the JWT command couple times and list the credentials stored in the modem:

What could be the reason that it does not work and what needs to be done to make it work?

Thanks for the help. 

MFW: mfw_nrf9160_1.3.4.

OS: Windows

SDK: 2.3.0-rc1

IDE: Visual Studio Code

Hardware: nRF9160 DK

Parents
  • +1

    Hello, 

    From Creating JWTs in the nRF Cloud documentation

    If your device uses a different value for the device ID, you must provide that value as the subject claim of the JWT. For example, if you want to use JWTs on Nordic Semiconductor products that have a device ID formatted as nrf-[IMEI], as is the case for the nRF9160 DK and Thingy:91, you must either provision a new certificate that uses the UUID (and re-provision the device on nRF Cloud), or pass the nrf-[IMEI] ID as the subject to the AT%JWT command.

    Note The nRF9160 DK and Thingy:91 are shipped with RSA256 certificates, which are not supported for JWT signing by modem firmware v1.3.x and later. To use JWTs with these devices, delete the device from nRF Cloud and re-provision it with a new ES256 device certificate.

    From Creating AT%JWT AT Command

    Note: If %JWT is given without the optional <sec_tag> and <key_type> parameters, device identity private key is used to sign the JWT.

    Kind regards,
    Øyvind

Reply
  • +1

    Hello, 

    From Creating JWTs in the nRF Cloud documentation

    If your device uses a different value for the device ID, you must provide that value as the subject claim of the JWT. For example, if you want to use JWTs on Nordic Semiconductor products that have a device ID formatted as nrf-[IMEI], as is the case for the nRF9160 DK and Thingy:91, you must either provision a new certificate that uses the UUID (and re-provision the device on nRF Cloud), or pass the nrf-[IMEI] ID as the subject to the AT%JWT command.

    Note The nRF9160 DK and Thingy:91 are shipped with RSA256 certificates, which are not supported for JWT signing by modem firmware v1.3.x and later. To use JWTs with these devices, delete the device from nRF Cloud and re-provision it with a new ES256 device certificate.

    From Creating AT%JWT AT Command

    Note: If %JWT is given without the optional <sec_tag> and <key_type> parameters, device identity private key is used to sign the JWT.

    Kind regards,
    Øyvind

Children
Related
Terms of service