Modem JWT

The Modem JWT library provides access to the modem’s JSON Web Token (JWT) generation feature, which is available in modem firmware v1.3.0 or higher.

Configuration

To use the library to request a JWT, complete the following steps:

  1. Set the following Kconfig options to enable the library:

  2. Populate the jwt_data structure with your desired values. See Possible structure values for more information.

  3. Pass the structure to the function that generates JWT (modem_jwt_generate()).

If the function executes successfully, jwt_data.jwt_buf will contain the JSON Web Token.

Possible structure values

You can configure the following values in the jwt_data structure:

  • jwt_data.sec_tag - Optional. The sec_tag must contain a valid signing key. If zero is given, the modem uses its own key for signing.

  • jwt_data.key - Required if sec_tag is not zero. Defines the type of key in the sec tag.

  • jwt_data.alg - Required if sec_tag is not zero. Defines the JWT signing algorithm. Currently, only ECDSA 256 is supported.

  • jwt_data.exp_delta_s - Optional. If set, and if the modem has a valid date and time, the iat and exp claims are populated.

  • jwt_data.subject - Optional. Corresponds to sub claim. Use NULL if you want to leave out this field.

  • jwt_data.audience - Optional. Corresponds to aud claim. Use NULL if you want to leave out this field.

  • jwt_data.jwt_buf - Optional. Buffer for the generated, null-terminated, JWT string. If a buffer is not provided, the library will allocate memory.

  • jwt_data.jwt_sz - Size of JWT buffer. Required if jwt_data.jwt_buf is set.

API documentation

Header file: include/modem/modem_jwt.h
Source file: lib/modem_jwt/modem_jwt.c
JWT generation