taigrr/nats.docs
1
0
Fork 0
mirror of https://github.com/taigrr/nats.docs synced 2025-01-18 04:03:23 -08:00
Code Issues Projects Releases Wiki Activity

Merge pull request #264 from nats-io/kozlovic-patch-2

Browse Source
This commit is contained in:
Ginger Collison 2021-05-26 17:41:05 -05:00 committed by GitHub
commit d09f89d7f6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
nats-server/configuration/mqtt/mqtt_config.md
View File

@ -100,7 +100,15 @@ mqtt {
} }
``` ```
## Authorization of MQTT Users ## Authentication/Authorization of MQTT Users
### Operator mode
In operator mode, all users need to provide a JWT in order to connect. For MQTT clients, it means that you need to pass the JWT token as the MQTT password and use any username since MQTT protocol requires a username to be set if a password is set.
In this mode, NATS clients are required to sign a `nonce` sent by the server using their private key (see [JWTs and Privacy](../securing_nats/jwt#jwts-and-privacy)). Of course MQTT clients cannot do that, therefore, in order for the JWT to be accepted by the server without the need of signing the `nonce`, the JWT has to have the `Bearer` boolean set to true.
### Local mode
A new field when configuring users allows you to restrict which type of connections are allowed for a specific user. A new field when configuring users allows you to restrict which type of connections are allowed for a specific user.