
mosquitto-users team mailing list archive

Re: Authentication

 

Hi Paul,

Interesting! My initial response is that it's a daft idea to give the
password at each published message, but it's certainly something that
could be considered. I'd be interested to hear what others thought
about it.

Cheers,

Roger



On Wed, Jun 4, 2014 at 6:03 PM, Paul Fremantle <paul@xxxxxxxxxxxxx> wrote:
> Roger
>
> While we are discussing the auth plugin, I had an issue.
>
> I'm using the uid/pw to pass over an OAuth2 token. During each pub/sub
> validation, I need to extract a scope from the token and check it. BTW I'm
> using the Python plugin, so this may be an issue with the Python interface,
> but I think it's the same on the C interface.
>
> Basically, I wanted to pass the token in the pw field, but I only get the pw
> during the connect validation. The result is I'd need to cache the uid/pw in
> the connect phase, and then key off the uid at pub/sub validation time. It
> would be much more convenient if you could pass the pw over with each
> validation. But maybe you don't want to store the password hence you only
> pass it over at connect validation?
>
> Thoughts?
>
> Paul
>
>
> On 4 June 2014 09:05, Roger Light <roger@xxxxxxxxxx> wrote:
>>
>> Hi John,
>>
>> You could also take a look at this plugin:
>> https://github.com/jpmens/mosquitto-auth-plug/
>>
>> FWIW, it's MQTT that forces you to connect before publishing, not
>> mosquitto.
>>
>> Cheers,
>>
>> Roger
>>
>> On Tue, Jun 3, 2014 at 11:55 PM, John DuPaix <jrdupaix@xxxxxxxxxxx> wrote:
>> > Quick question.  I would like to use an auth plugin to verify a
>> > username/password when someone establishes a connection with my
>> > mosquitto server.  Once they are connected they are able to publish to
>> > any topic and subscribe to only specific ones.  I know that I can use
>> > acl to make sure they subscribe to only the permitted ones. The question
>> > I have is this - Does a user have to connect before they can publish?
>> > For example, is it possible for a user to issue a "publish" command
>> > using a valid username/password before they issue a "connect" command to
>> > mosquitto?  Does the same apply to "subscribe"? Or does mosquitto force
>> > users to always "connect" before they do anything?
>> >
>> > --
>> > Mailing list: https://launchpad.net/~mosquitto-users
>> > Post to     : mosquitto-users@xxxxxxxxxxxxxxxxxxx
>> > Unsubscribe : https://launchpad.net/~mosquitto-users
>> > More help   : https://help.launchpad.net/ListHelp
>> >
>>
>
>
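
The caching approach Paul describes, as an added example that is not part of the thread or of mosquitto's plugin interface: scopes are resolved from the token at connect validation and looked up by uid at pub/sub validation. The class and method names, the scope format and the sample token are assumptions made for illustration.

```python
import time

# Constructed sample standing in for an OAuth2 introspection lookup:
# token -> (scopes, expiry as epoch seconds). Scope format is an assumption.
SAMPLE_TOKENS = {"tok-abc": ({"pub:sensors/#", "sub:alerts/+"}, 1000.0)}


def scope_allows(scope, action, topic):
    """Assumed scope format '<pub|sub>:<topic filter>' with MQTT '+'/'#' wildcards."""
    scope_action, _, pattern = scope.partition(":")
    if scope_action != action:
        return False
    want, have = pattern.split("/"), topic.split("/")
    for i, level in enumerate(want):
        if level == "#":
            return True
        if i >= len(have) or (level != "+" and level != have[i]):
            return False
    return len(want) == len(have)


class TokenScopeCache:
    """Hypothetical plugin state: scopes cached at connect, checked at pub/sub."""

    def __init__(self, introspect, clock=time.time):
        self._introspect = introspect  # callable: token -> (scopes, expires_at) or None
        self._clock = clock
        self._by_uid = {}              # uid -> (scopes, expires_at)

    def on_connect(self, uid, token):
        """Connect validation: the only call that receives the pw field."""
        info = self._introspect(token)
        if info is None or info[1] <= self._clock():
            self._by_uid.pop(uid, None)  # drop any stale grant for this uid
            return False
        # Cache the derived scopes and expiry, not the bearer token itself.
        self._by_uid[uid] = (frozenset(info[0]), info[1])
        return True

    def on_acl_check(self, uid, topic, action):
        """Pub/sub validation: no pw available, so key off the uid."""
        entry = self._by_uid.get(uid)
        if entry is None:
            return False                 # never authenticated: deny
        scopes, expires_at = entry
        if expires_at <= self._clock():  # token expired during a long session
            del self._by_uid[uid]
            return False
        return any(scope_allows(s, action, topic) for s in scopes)
```

Because the cache is keyed by uid alone, a second connection under the same uid replaces the earlier entry, so the scopes of the most recent token apply to both sessions.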

