Paul - What I am currently doing is actually using the password as a dummy field and passing a token/uid in the uid field with a delimiter (I use a colon) that I can split on in Python since it's just a string. That way you can check the token on every message. Using a large uid does kinda defeat the purpose of using MQTT that tries to keep the overhead to a minimum, but sometimes you gotta do what you gotta do. :)
It is probably a good idea to cache your tokens locally in memcache or something so that your server can make a quick local call. I haven't implemented that yet, but I may do so in the near future.

john

> Date: Sat, 7 Jun 2014 21:18:50 +0100
> Subject: Re: [Mosquitto-users] Authentication
> From: ro...@atchoo.org
> To: p...@fremantle.org
> CC: jrdup...@hotmail.com; mosquitto-users@lists.launchpad.net
>
> Hi Paul,
>
> Interesting! My initial response is that it's a daft idea to give the
> password at each published message, but it's certainly something that
> could be considered. I'd be interested to hear what others thought
> about it.
>
> Cheers,
>
> Roger
>
> On Wed, Jun 4, 2014 at 6:03 PM, Paul Fremantle <p...@fremantle.org> wrote:
> > Roger
> >
> > While we are discussing the auth plugin, I had an issue.
> >
> > I'm using the uid/pw to pass over an OAuth2 token. During each pub/sub
> > validation, I need to extract a scope from the token and check it. BTW I'm
> > using the Python plugin, so this may be an issue with the Python interface,
> > but I think it's the same on the C interface.
> >
> > Basically, I wanted to pass the token in the pw field, but I only get the pw
> > during the connect validation. The result is I'd need to cache the uid/pw in
> > the connect phase, and then key off the uid at pub/sub validation time. It
> > would be much more convenient if you could pass the pw over with each
> > validation. But maybe you don't want to store the password hence you only
> > pass it over at connect validation?
> >
> > Thoughts?
> >
> > Paul
> >
> > On 4 June 2014 09:05, Roger Light <ro...@atchoo.org> wrote:
> >>
> >> Hi John,
> >>
> >> You could also take a look at this plugin:
> >> https://github.com/jpmens/mosquitto-auth-plug/
> >>
> >> FWIW, it's MQTT that forces you to connect before publishing, not
> >> mosquitto.
> >>
> >> Cheers,
> >>
> >> Roger
> >>
> >> On Tue, Jun 3, 2014 at 11:55 PM, John DuPaix <jrdup...@hotmail.com> wrote:
> >> > Quick question. I would like to use an auth plugin to verify a
> >> > username/password when someone establishes a connection with my
> >> > mosquitto server. Once they are connected they are able to publish
> >> > to any topic and subscribe to only specific ones. I know that I can
> >> > use acl to make sure they subscribe to only the permitted ones. The
> >> > question I have is this - Does a user have to connect before they
> >> > can publish? For example, is it possible for a user to issue a
> >> > "publish" command using a valid username/password before they issue
> >> > a "connect" command to mosquitto? Does the same apply to
> >> > "subscribe"? Or does mosquitto force users to always "connect"
> >> > before they do anything?
> >> >
> >> > --
> >> > Mailing list: https://launchpad.net/~mosquitto-users
> >> > Post to     : mosquitto-users@lists.launchpad.net
> >> > Unsubscribe : https://launchpad.net/~mosquitto-users
> >> > More help   : https://help.launchpad.net/ListHelp
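The approach described in the top message of this thread (token carried in the username field as `uid:token`, checked on every publish/subscribe, with a local cache in front of the token server), as an added example that is not code from the thread or from any Mosquitto plugin. `TokenCache`, `check_acl`, the introspection callable, the claim names (`sub`, `scope`, `exp`) and the `<access>:<topic>` scope format are assumptions; an in-process dict stands in for memcache.

```python
import time

CACHE_TTL = 30  # seconds (assumed); short, so a revoked token stops working soon

class TokenCache:
    """In-process stand-in for memcache: token -> (claims, cached_until)."""
    def __init__(self, introspect, now=time.time):
        self._introspect = introspect  # hypothetical lookup at the OAuth2 server
        self._now = now
        self._entries = {}

    def claims_for(self, token):
        hit = self._entries.get(token)
        if hit and hit[1] > self._now():
            return hit[0]
        claims = self._introspect(token)  # None means unknown or revoked
        if claims is None or claims["exp"] <= self._now():
            self._entries.pop(token, None)
            return None
        # Never keep an entry past the token's own expiry.
        self._entries[token] = (claims, min(claims["exp"], self._now() + CACHE_TTL))
        return claims

def split_username(username):
    """'uid:token' -> (uid, token), splitting on the first colon only."""
    uid, sep, token = (username or "").partition(":")
    return (uid, token) if sep and uid and token else None

def check_acl(cache, username, topic, access):
    """Per-message check; access is 'read' or 'write' (names assumed)."""
    parts = split_username(username)
    if parts is None:
        return False
    uid, token = parts
    claims = cache.claims_for(token)
    if claims is None or claims["sub"] != uid:
        return False
    # Scope entries of the form "<access>:<topic>" are this example's convention.
    return f"{access}:{topic}" in claims["scope"].split()

# Constructed sample data: a fake token service that knows one token.
introspect_calls = []
def fake_introspect(token):
    introspect_calls.append(token)
    if token != "tok-abc":
        return None
    return {"sub": "dev42", "scope": "write:sensors/dev42/temp",
            "exp": time.time() + 3600}
```

Binding the token's `sub` claim to the uid half of the username stops one client from presenting another client's token under its own uid, and capping the cache lifetime at the token's `exp` keeps the cache from extending a token's validity.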