Both authentication methods in a default rule

To allow an IoT device to use either authentication method in a request to get access to topics, you can configure both JWT and mutual authentication behaviors in the default rule of your property.

You need to make sure that these authentication methods don’t overlap in authorization data they extract from JWTs or client certificates. To do so, configure one authentication behavior to extract client IDs and the other to extract authorization groups. That way, the IoT device can get access to resources controlled by authorization groups and client IDs with one request.
Note: You can’t configure a property to extract the same authorization data with both authentication methods in the default rule.
For example, this default rule configuration lets you access different resources based on how you authenticate your requests. In some requests, you can use JWTs to get access to regular topics based on the authorization groups extracted from these tokens. In other requests, you can use client certificates to get access to identity topics based on the client IDs extracted from this certificates. In yet another requests, you can mix both authentication methods and get access to resources based on the authorization groups extracted from JWTs and the client IDs extracted from client certificates.
Default rule with JWT and mutual authentication behaviors