0.2.0	Jul 28, 2019

Custom license

41KB
1K SLoC

mosquitto-jwt-auth

Simple Plugin for Mosquitto which enables authentication and authorisation via JWT as MQTT password.

Requires at least Mosquitto v1.6.3

Configuration

Property	Valid values	Usage
`auth_opt_jwt_alg`	`HS256`, `HS384`, `HS512`, `ES256`, `ES384`, `RS256`, `RS384`, `RS512`	Sets the algorithm of the JWT signature
`auth_opt_jwt_sec_file`	`<enviroment variable name>`	Path to the file which contains the secret used for verification of the signature. Should be DER-encoded for RSA
`auth_opt_jwt_sec_env`	`<enviroment variable name>`	Name of the environment variable which contains the base64 encoded secret used for verification of the signature.
`auth_opt_jwt_sec_base64`	`<base64-encoded-secret>`	Base64 encoded secret used for verification of the signature.
`auth_opt_jwt_validate_exp`	(default) `true`, `false`	`true` if the `exp` claim / the expiry date of the JWT should be validated
`auth_opt_jwt_validate_sub_match_username`	(default) `true`, `false`	`true` if the MQTT username has to be the same as specified in the `sub` claim

publ (Optional) Contains the Topics(filters) the client is allowed to publish in

subl (Optional) Contains the Topics(filters) the client is allowed to subscribe to

{
  "sub": "mqttUser",
  "iat": 1516239022,
  "exp": 1616239022,
  "subs": ["/+/topic", "/abc/#"],
  "publ": ["/abc"]
}

~9MB
~260K SLoC