mosquitto-jwt-auth

Simple Plugin for Mosquitto which enables authentication and authorisation via JWT as MQTT password.

Requires at least Mosquitto v1.6.3

Configuration

| Property | Valid values | Usage | |--------------------|------|-------| | auth_opt_jwt_alg | HS256, HS384, HS512, ES256, ES384, RS256, RS384, RS512| Sets the algorithm of the JWT signature | | auth_opt_jwt_sec_file | <enviroment variable name> | Path to the file which contains the secret used for verification of the signature. Should be DER-encoded for RSA | | auth_opt_jwt_sec_env | <enviroment variable name> | Name of the environment variable which contains the base64 encoded secret used for verification of the signature. | | auth_opt_jwt_sec_base64 | <base64-encoded-secret> | Base64 encoded secret used for verification of the signature. | | auth_opt_jwt_validate_exp | (default) true, false | true if the exp claim / the expiry date of the JWT should be validated | | auth_opt_jwt_validate_sub_match_username | (default) true, false | true if the MQTT username has to be the same as specified in the sub claim |

Custom Claims

• publ (Optional) Contains the Topics(filters) the client is allowed to publish in

• subl (Optional) Contains the Topics(filters) the client is allowed to subscribe to

  { "sub": "mqttUser", "iat": 1516239022, "exp": 1616239022, "subs": ["/+/topic", "/abc/#"], "publ": ["/abc"] }