mosquitto-jwt-auth 0.2.0

Plugin for Mosquitto MQTT broker, which enables authentication and authorisation via JWT over password.
Documentation

mosquitto-jwt-auth

Build Status Coverage Status

Simple Plugin for Mosquitto which enables authentication and authorisation via JWT as MQTT password.

Requires at least Mosquitto v1.6.3

Configuration

Property Valid values Usage
auth_opt_jwt_alg HS256, HS384, HS512, ES256, ES384, RS256, RS384, RS512 Sets the algorithm of the JWT signature
auth_opt_jwt_sec_file <enviroment variable name> Path to the file which contains the secret used for verification of the signature. Should be DER-encoded for RSA
auth_opt_jwt_sec_env <enviroment variable name> Name of the environment variable which contains the base64 encoded secret used for verification of the signature.
auth_opt_jwt_sec_base64 <base64-encoded-secret> Base64 encoded secret used for verification of the signature.
auth_opt_jwt_validate_exp (default) true, false true if the exp claim / the expiry date of the JWT should be validated
auth_opt_jwt_validate_sub_match_username (default) true, false true if the MQTT username has to be the same as specified in the sub claim

Custom Claims

  • publ (Optional) Contains the Topics(filters) the client is allowed to publish in

  • subl (Optional) Contains the Topics(filters) the client is allowed to subscribe to

    {
  "sub": "mqttUser",
  "iat": 1516239022,
  "exp": 1616239022,
  "subs": ["/+/topic", "/abc/#"],
  "publ": ["/abc"]
}