@ian.c
Thank you for your help. If it's okay with you, could you please send me a pull request or issue about your modifications to my MQTT-TLS/TlsTcpClient GitHub?
Getting the JWT token from a server or creating it on the device (with mbedTLS) has security and mbedTLS library size problems.
Currently the Particle firmware includes mbedTLS for DTLS, which cannot be used for TLS (TCP).
So I ported mbedTLS (TCP) with a simple MQTT implementation; unfortunately, if an application uses MQTT-TLS, it ends up with two copies of mbedTLS on the device as a result (this is a waste of size). Having a JWT token creation method like makeJWT(…) in the MQTT-TLS library is one good idea, but an MQTT library that includes a JWT token creation function is a little bit strange. I think it would be better to implement MQTT and JWT as separate libraries (but… that becomes a waste of size…).
Downloading the JWT token from a server with trusted secure pub/sub or some similar method is a good idea. As you wrote, generating a JWT token every day on the server incurs a server cost.
Anyway, I will implement a JWT token generation function in the MQTT-TLS library with mbedTLS, and then I will check the library's total size.