taigrr/nats.docs
1
0
Fork 0
mirror of https://github.com/taigrr/nats.docs synced 2025-01-18 04:03:23 -08:00
Code Issues Projects Releases Wiki Activity

Add operator mode authentication description

Browse Source 
In operator mode, MQTT clients need to provide the JWT through the MQTT password.
This commit is contained in:
Ivan Kozlovic 2021-05-26 10:13:28 -06:00 committed by GitHub
parent e1a50a7945
commit 9c2ca9381d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
nats-server/configuration/mqtt/mqtt_config.md
View File

@ -100,7 +100,15 @@ mqtt {
} }
``` ```
## Authorization of MQTT Users ## Authentication/Authorization of MQTT Users
### Operator mode
In operator mode, all users need to provide a JWT in order to connect. For MQTT clients, it means that you need to pass the JWT token as the MQTT password and use any username since MQTT protocol requires a username to be set if a password is set.
In this mode, standard NATS clients are required to sign a `nonce` sent by the server using their private key (see [JWTs and Privacy](../securing_nats/jwt#jwts-and-privacy)). Of course MQTT clients cannot do that, therefore, in order for the JWT to be accepted by the server without the need of signing the `nonce`, the JWT has to have the `Bearer` boolean set to true.
### Local mode
A new field when configuring users allows you to restrict which type of connections are allowed for a specific user. A new field when configuring users allows you to restrict which type of connections are allowed for a specific user.