HTTPS POST to auth0 M2M JWT

Hi,

I'm trying to integrate a mkr1000 to authenticate against auth0 M2M to retrieve a token for posting weather data to a nodes server.

The POST query works just fine when using cURL, Postman and so on. This confirms that the JWT I'm getting from auth0 and parsing on the nodes server are working correctly.

Where I'm struggling is making the mkr1000 https post request to the https://mytenant.eu.auth0.com/auth/token service to obtain the token. Auth0 is bouncing back with a "400 Bad Request"

What I'm trying to do is have the mkr1000 post to the weather server with the last JWT received by auth0, if the token is not valid anymore have the IoT(mkr1000) device request for a new token from auth0 and then POST to the nodes weather server.

I'm using the arduinobearssl/WiFISSLClient example.

  • Updated the Arduino IDE to 1.8.16
  • updated the wifi101 library to 0.16.1
  • flashed the wifi101 firmware to 19.6.1
  • added the auth0.com:443 domain certificate after the upgrade

I'm suspecting that oauth.com is bouncing me because of an invalide TLS/SSL format in my request. I'm exploring ECCx08 features the crypto chip part of the arduino board but I don't understand how I can setup the board to provide a proper/valid certificate on the TLS layer that oauth0 will accept.

Any hints or suggestions on how to provide valid certs would be very welcome.

#include <SPI.h>
#include <WiFi101.h>
#include <ArduinoECCX08.h>
#include <ArduinoBearSSL.h>

char ssid[] = "mywifi"; 
char pass[] = "mywifipwd"; 
int keyIndex = 0; 

int status = WL_IDLE_STATUS;
char server[] = "myauth0tenant.eu.auth0.com"; 

WiFiClient client;
BearSSLClient sslClient(client);

unsigned long getTime() {
  return WiFi.getTime();
}

void setup() {
  //Initialize serial and wait for port to open:
  Serial.begin(9600);

  // check for the presence of the shield:
  if (WiFi.status() == WL_NO_SHIELD) {
    Serial.println("WiFi shield not present");
    // don't continue:
    while (true);
  }

  // attempt to connect to WiFi network:
  while (status != WL_CONNECTED) {
    Serial.println(ssid);
    status = WiFi.begin(ssid, pass);
    // wait 10 seconds for connection:
    delay(10000);
  }
  printWiFiStatus();

  ArduinoBearSSL.onGetTime(getTime);

  Serial.println("\nStarting connection to server...");
  // if you get a connection, report back via serial:
  if (sslClient.connect(server, 443)) {
    Serial.println("connected to server");
    // Make a HTTP request:
    sslClient.println("POST /oauth/token HTTP/1.1");
    sslClient.println("Content-Type: application/json");
    sslClient.println("Connection: close");
    sslClient.println("");
    sslClient.println("{\"client_id\":\"myclientid\",\"client_secret\":\"myclientsecret\",\"audience\":\"https://api.greenwoods.ch/api/mkr1000-1\",\"grant_type\":\"client_credentials\"}");
  }
}

void loop() {
  // if there are incoming bytes available
  // from the server, read them and print them:
  while (sslClient.available()) {
    char c = sslClient.read();
    Serial.write(c);
  }

  // if the server's disconnected, stop the client:
  if (!sslClient.connected()) {
    Serial.println();
    Serial.println("disconnecting from server.");
    sslClient.stop();

    // do nothing forevermore:
    while (true);
  }
}


void printWiFiStatus() {
  // print the SSID of the network you're attached to:
  Serial.print("SSID: ");
  Serial.println(WiFi.SSID());

  // print your WiFi shield's IP address:
  IPAddress ip = WiFi.localIP();
  Serial.print("IP Address: ");
  Serial.println(ip);

  // print the received signal strength:
  long rssi = WiFi.RSSI();
  Serial.print("signal strength (RSSI):");
  Serial.print(rssi);
  Serial.println(" dBm");
}

The response

<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>cloudflare</center>
</body>
</html>

Thanks