rmqtt-plugins 0.16.1

Plugin collection for rmqtt, providing authentication, storage, bridges, clustering, and other extensions.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

##--------------------------------------------------------------------

## rmqtt-auth-jwt

##--------------------------------------------------------------------



# See more keys and their definitions at https://github.com/rmqtt/rmqtt/blob/master/docs/en_US/auth-jwt.md

# Generate a test JWT. See https://jwt.io/#debugger-io



## Disconnect if publishing is rejected

##

## Value: true | false

## Default: true

disconnect_if_pub_rejected = true



## Disconnect After Expiration

##

## Value: true | false

## Default: false

disconnect_if_expiry = false



## From where the JWT string can be got

## Value: username | password

## Default: password

from = "password"



## Encryption method

## Value: hmac-based | public-key

## Default: hmac-based

encrypt = "hmac-based"



## HMAC Hash Secret.

##

## Value: String

hmac_secret = "rmqttsecret"

#hmac_secret = "cm1xdHRzZWNyZXQ="



## Secret Base64 Encode

##

## Value: true | false

## Default: false

hmac_base64 = false



## RSA or ECDSA public key file.

##

## Value: File

#public_key = "./rmqtt-bin/jwt_public_key_rsa.pem"

#public_key = "./rmqtt-bin/jwt_public_key_es256.pem"

#public_key = "./rmqtt-bin/jwt_public_key_es384.pem"





## The checklist of claims to validate

##

## Value: String

## validate_claims.$name = expected

##

## Placeholder:

##  - ${username}: username

##  - ${clientid}: clientid

##  - ${ipaddr}: client ip addr

##  - ${protocol}: MQTT protocol version: 3 = 3.1, 4 = 3.1.1, or 5 = 5.0



### Basic Validation

## > Validate the token's expiration by comparing the exp claim to the current UTC time.

validate_claims.exp = true

## < Ensure the token is not used before its nbf claim.

#validate_claims.nbf = true

## Ensure the token's subject (sub claim) is as expected.

#validate_claims.sub = "user@rmqtt.com"

## Validate the token's issuer by comparing the iss claim to the known issuer.

#validate_claims.iss = ["https://rmqtt.com1", "https://rmqtt.com"]

## Verify that the token's audience (aud claim) matches the intended recipient.

#validate_claims.aud = ["https://your-api.com", "mobile_app", "web_app"]



### Extended Validation

#validate_claims.clientid = "${clientid}"

#validate_claims.username = "${username}"

#validate_claims.ipaddr = "${ipaddr}"

#validate_claims.protocol = "${protocol}"