Hey there, let's break down why you're hitting an invalid topic error when publishing to Google Cloud IoT with your Paho-MQTT Python client. I’ve debugged this exact issue a few times, so here are the key fixes to check:

1. You’re Using the Wrong Topic Format for Device Publishing #

Google Cloud IoT Core doesn’t let devices publish directly to Pub/Sub topics using the projects/{project-id}/topics/{topic-name} path. Instead, devices must publish to device-specific event topics, and you use IoT Core routing rules to forward those events to your target Pub/Sub topic.

Your current topic:

mqtt_topic = "/projects/my_project/topics/sm1"

This is incorrect. The valid device publish topic structure is:

# Basic event topic
mqtt_topic = "/devices/{your-device-id}/events"

# Or with a subfolder (to use for routing)
mqtt_topic = "/devices/{your-device-id}/events/sm1"

2. Missing IoT Core Routing Rule #

Once you fix the publish topic, you need to set up a routing rule in your Cloud IoT Registry to forward events from the device’s topic to your sm1 Pub/Sub topic:

• Go to your Cloud IoT Registry in the GCP Console
• Navigate to "Routes" > "Create Route"
• Set the "Match" field to events/sm1 (if using the subfolder topic)
• Select your projects/my_project/topics/sm1 as the destination Pub/Sub topic

3. Incorrect MQTT Client ID Format #

Your client ID must follow this exact structure, otherwise IoT Core will reject your connection (and subsequent publish attempts):

client_id = f"projects/{project_id}/locations/{your-region}/registries/{your-registry-id}/devices/{your-device-id}"
client = mqtt.Client(client_id=client_id)

If your code isn’t setting this properly, that’s a common hidden cause of topic validation errors.

4. JWT Token Configuration Issues #

Double-check that the JWT generated by jwt_maker has the correct aud (audience) field set to your project ID (my_project). An invalid JWT will lead to authorization failures that can manifest as "invalid topic" errors.

You can decode your JWT to verify (use a local tool like jwt.io) or add a print statement to inspect the token’s payload.

5. IAM Permissions for the Device #

Ensure the device’s associated service account or certificate has the roles/cloudiot.devicePublisher role. Without this permission, IoT Core will block your publish requests even if the topic format is correct.

Quick Corrected Code Snippet #

Here’s how your relevant code should look once fixed (fill in the missing device/registry/region details):

import paho.mqtt.client as mqtt
import ssl, random, jwt_maker
from time import sleep

root_ca = './../roots.pem'
public_crt = './../my_cert.pem'
private_key = './../my_pr.pem'
mqtt_url = "mqtt.googleapis.com"
mqtt_port = 8883

# Correct device event topic
device_id = "your-device-id"
mqtt_topic = f"/devices/{device_id}/events/sm1"

project_id = "my_project"
registry_id = "your-registry-id"
region = "your-region"  # e.g., us-central1

# Correct client ID format
client_id = f"projects/{project_id}/locations/{region}/registries/{registry_id}/devices/{device_id}"
client = mqtt.Client(client_id=client_id)

# Set up JWT authentication (ensure jwt_maker generates valid token with aud=project_id)
jwt_token = jwt_maker.generate_jwt(project_id, private_key)
client.username_pw_set(username='unused', password=jwt_token)

# Configure SSL
client.tls_set(root_ca, certfile=public_crt, keyfile=private_key, cert_reqs=ssl.CERT_REQUIRED, tls_version=ssl.PROTOCOL_TLSv1_2, ciphers=None)

# Connect and publish
client.connect(mqtt_url, mqtt_port, keepalive=60)
client.loop_start()

# Example publish
while True:
    payload = f"Random value: {random.randint(0, 100)}"
    client.publish(mqtt_topic, payload, qos=1)
    print(f"Published: {payload}")
    sleep(5)

After making these changes, don’t forget to create the routing rule in your IoT Registry to forward the events/sm1 events to your sm1 Pub/Sub topic.

内容的提问来源于stack exchange，提问作者Dalton Cézane