@@ -76,29 +76,21 @@ def generate_access_token(
7676 # algorithm = 'RS256'
7777 # private_key_file = 'path/to/private_key.pem'
7878
79- def generate_device_access_token (
80- cloud_region , project_id , registry_id , device_id , jwt_token , scopes
81- ):
82- """Exchange IoT device jwt token for device access token."""
83- resource_path = "projects/{}/locations/{}/registries/{}/devices/{}" .format (
84- project_id , cloud_region , registry_id , device_id
85- )
86- request_url = "https://cloudiottoken.googleapis.com/v1beta1/{}:generateAccessToken" .format (
87- resource_path
88- )
89- headers = {"authorization" : "Bearer {}" .format (jwt_token )}
90- request_payload = {"scope" : scopes , "device" : resource_path }
91- resp = req .post (url = request_url , data = request_payload , headers = headers )
92- assert resp .ok , resp .raise_for_status ()
93- return resp .json ()["access_token" ]
94-
9579 # Generate IoT device JWT. See https://cloud.google.com/iot/docs/how-tos/credentials/jwts
9680 jwt = create_jwt (project_id , algorithm , private_key_file )
9781
9882 # Generate OAuth 2.0 access token. See https://developers.google.com/identity/protocols/oauth2
99- access_token = generate_device_access_token (
100- cloud_region , project_id , registry_id , device_id , jwt , scope
83+ resource_path = "projects/{}/locations/{}/registries/{}/devices/{}" . format (
84+ project_id , cloud_region , registry_id , device_id
10185 )
86+ request_url = "https://cloudiottoken.googleapis.com/v1beta1/{}:generateAccessToken" .format (
87+ resource_path
88+ )
89+ headers = {"authorization" : "Bearer {}" .format (jwt )}
90+ request_payload = {"scope" : scope , "device" : resource_path }
91+ resp = req .post (url = request_url , data = request_payload , headers = headers )
92+ assert resp .ok , resp .raise_for_status ()
93+ access_token = resp .json ()["access_token" ]
10294 print ("Device access token: {}" .format (access_token ))
10395 return access_token
10496 # [END iot_generate_access_token]
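Review bot: The inlined response check at new line 92, `assert resp.ok, resp.raise_for_status()`, uses an assert for runtime error handling, and asserts are stripped when Python runs with `-O`, so a failed token exchange would fall through to `resp.json()["access_token"]` and surface as a KeyError or decode error instead of the HTTP failure. Calling `resp.raise_for_status()` as a plain statement behaves the same in every mode. The unchanged `print("Device access token: {}".format(access_token))` two lines below writes a bearer credential to stdout, where it can land in logs or CI output; a comment such as `# Sample only: avoid logging access tokens outside of demos` would help readers who copy the snippet. The `req.post` call also passes no `timeout`, so, assuming `req` is the requests library, a stalled endpoint would block the caller indefinitely. The body of generate_access_token begins above this hunk, so only the visible part is covered here.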
@@ -122,8 +114,8 @@ def publish_pubsub_message(
122114 # algorithm = 'RS256'
123115 # rsa_private_key_path = 'path/to/private_key.pem'
124116 # topic_id = 'pubsub-topic-id'
125-
126117 scope = "https://www.googleapis.com/auth/pubsub"
118+
127119 # Generate device access token
128120 access_token = generate_access_token (
129121 cloud_region ,
@@ -134,6 +126,7 @@ def publish_pubsub_message(
134126 algorithm ,
135127 rsa_private_key_path ,
136128 )
129+
137130 # Create Pub/Sub topic
138131 request_path = "https://pubsub.googleapis.com/v1/projects/{}/topics/{}" .format (
139132 project_id , topic_id
@@ -197,6 +190,7 @@ def download_cloud_storage_file(
197190 # bucket_name = 'name-of-gcs-bucket'
198191 # data_path = 'path/to/file/to/be/uploaded.png'
199192 scope = "https://www.googleapis.com/auth/devstorage.full_control"
193+
200194 # Generate device access token
201195 access_token = generate_access_token (
202196 cloud_region ,
@@ -284,6 +278,7 @@ def exchange_device_access_token_for_service_account_access_token(
284278 "content-type" : "application/json" ,
285279 "cache-control" : "no-cache" ,
286280 }
281+
287282 # Exchange access token for service account access token.
288283 exchange_payload = {"scope" : [scope ]}
289284 exchange_url = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/{}:generateAccessToken" .format (
@@ -320,6 +315,7 @@ def send_iot_command_to_device(
320315 # service_account_email = 'your-service-account@your-project.iam.gserviceaccount.com'
321316 # command_to_be_sent_to_device = 'command-to-device'
322317 scope = "https://www.googleapis.com/auth/cloud-platform"
318+
323319 # Generate device access token
324320 access_token = generate_access_token (
325321 cloud_region ,
@@ -333,6 +329,7 @@ def send_iot_command_to_device(
333329 service_account_token = exchange_device_access_token_for_service_account_access_token (
334330 access_token , service_account_email
335331 )
332+
336333 # Sending a command to a Cloud IoT Core device
337334 command_payload = json .dumps (
338335 {