What is a token?
Fleet Engine requires the use of JSON Web Tokens (JWTs) for API method calls from low-trust environments: smartphones and browsers.
A JWT originates on your server, is signed, encrypted, and passed to the client for subsequent server interactions until it expires or is no longer valid.
Key details
- Use Application Default Credentials to authenticate and authorize against Fleet Engine.
- Use an appropriate service account to sign JWTs. See Fleet Engine serviceaccount roles in Fleet Engine Basics.
For more information about JSON Web Tokens, see JSON Web Tokens in Fleet Engine Essentials.
How clients get tokens?
Once a driver or consumer logs in to your app using the appropriate authentication credentials, any updates issued from that device must use appropriate authorization tokens, which communicates to Fleet Engine the permissions for the app.
As the developer, your client implementation should provide the ability to do the following:
- Fetch a JSON Web Token from your server.
- Reuse the token until it expires to minimize token refreshes.
- Refresh the token when it expires.
The GMTDAuthorization protocol fetches JSON Web tokens at location update time
based on the GMTD AuthorizationContext object. The SDK
must package the tokens with the update information to send to Fleet Engine.
Make sure that your server-side implementation can issue tokens before
initializing the SDK.
For details of the tokens expected by Fleet Engine, see Issue JSON Web Tokens for Fleet Engine.
The providerID is the same as the Project ID of your Google Cloud Project. For information on setting up the Google Cloud Project, see Create your Fleet Engine project.