JWT with OTA Updates
Let’s analyze the popular scenario for using JWTs to identify the OTA Updates clients who want to receive updates of software on their devices.
To receive software updates, you need to provide a JWT in a header or a query parameter of your request. When building the token, you can include IoT-supported registered claims and custom information. You then sign the token with a private RSA key. Signed JWTs act as temporary user credentials and allow you to receive software updates until the specified expiration time. See IoT-supported registered claims.
Now, let’s analyze how this sample IoT OTA Updates property configuration
tells the Akamai platform to search for and process JWTs in requests. Here, it directs
edge servers to check the
X-JWT-Location request header for tokens and use the public keys stored in
the OTAUpdatesKeySet key collection to authenticate clients by checking the
validity of their JWT signatures.
Once the edge server extracts the JWT from the request and validates the client’s identity and present claims, it permits the client to download the requested file with software updates.