IoTIoT

Compute
Elastic Cloud Server
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
Domain Name Service
VPC Endpoint
Cloud Connect
Enterprise Switch
Security & Compliance
Anti-DDoS
Web Application Firewall
Host Security Service
Data Encryption Workshop
Database Security Service
Advanced Anti-DDoS
Data Security Center
Container Guard Service
Situation Awareness
Managed Threat Detection
Compass
Cloud Certificate Manager
Anti-DDoS Service
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GaussDB NoSQL
GaussDB(for MySQL)
Distributed Database Middleware
GaussDB(for openGauss)
Developer Services
ServiceStage
Distributed Cache Service
Simple Message Notification
Application Performance Management
Application Operations Management
Blockchain
API Gateway
Cloud Performance Test Service
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
DevCloud
ProjectMan
CodeHub
CloudRelease
CloudPipeline
CloudBuild
CloudDeploy
Cloud Communications
Message & SMS
Cloud Ecosystem
Marketplace
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP License Service
Support Plans
Customer Operation Capabilities
Partner Support Plans
Professional Services
enterprise-collaboration
Meeting
IoT
IoT
Intelligent EdgeFabric
DeveloperTools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Help Center> IoT> API Reference> MQTT Interface Reference> API Description> MQTT Connection Authentication Through CONNECT Messages
Updated at: Feb 24, 2022 GMT+08:00

MQTT Connection Authentication Through CONNECT Messages

Interface Function

The IoT platform provides the CONNECT message interface for MQTT devices to access the IoT platform. For details about the API specifications, see mqtt-v3.1.1-os.pdf. After the device is authenticated, the MQTT connection between the device and the IoT platform is established.

NOTE:

The IoT platform supports only MQTTS access. When a device establishes an MQTT connection to the IoT platform through the CONNECT message interface, the TLS certificate must be carried. Visit Obtaining Development Resources to obtain the TLS certificate from the AgentLite directory.

Parameters

Parameter

Mandatory or Optional

Type

Description

clientId

Mandatory

String(256)

The value of this parameter consists of device ID, authentication type, password signature type, and timestamp, which are separated by underscores (_). The device ID is deviceId returned after the device is registered successfully when the device uses deviceId to access the IoT platform. The value can also be nodeId entered during device registration with the IoT platform when the device uses nodeId to access the IoT platform.

  • authenticationType: This 1-byte parameter has three value options, 0, 1, and 2. 0 indicates that the device uses deviceId to access the IoT platform. 2 indicates that the device uses nodeId to access the IoT platform. 1 indicates that the one-model-one-secret mode is used for device access.
  • passwordSignatureType: The length is 1 byte, and the value can be 0 or 1.
    • 0 indicates that the timestamp is not verified using the HMACSHA256 algorithm.
    • 1 indicates that the timestamp is verified using the HMACSHA256 algorithm.
  • timestamp: indicates the UTC time when the device connects to the IoT platform. The format is YYYYMMDDHH. For example, if the UTC time is 2018/7/24 17:56:20, the timestamp is 2018072417.

username

Mandatory

String(256)

  • For one-device-one-secret devices, the value of this parameter is deviceId returned after the device is successfully registered when the device uses deviceId to access the IoT platform. The value can also be nodeId entered during device registration with the IoT platform when the device uses nodeId to access the IoT platform.

password

Mandatory

String(256)

The value of this parameter is the value of the device secret encrypted by using the HMACSHA256 algorithm with the timestamp as the key.

The device secret is returned by the IoT platform after the successful device registration.

The IoT platform performs authentication based on the CONNECT message of the MQTT protocol. The information contained in clientId must be intact. When receiving a CONNECT message, the IoT platform checks the authentication type and password digest algorithm of the device.

  • When the timestamp is verified using the HMACSHA256 algorithm, the IoT platform checks whether the message timestamp is consistent with the platform time and then checks whether the secret is correct.
  • The timestamp must be contained in the CONNECT message even when the timestamp is not verified using the HMACSHA256 algorithm, but the IoT platform does not check whether the time is correct. In this case, only the secret is checked.

If the authentication fails, the IoT platform returns an error message and automatically disconnects the MQTT link.

Did you find this page helpful?

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?







Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel