Open jonathan-dev opened 1 year ago
Hi @jonathan-dev , thanks for your suggestion.
It's already possible to define ACL rules directly in the JWT, and also custom claims to be checked in the JWT. For reference: https://www.emqx.io/docs/en/latest/access-control/authn/jwt.html
If you mean something else, please clarify your use case. A few concrete examples might be helpful as well.
I figured that there is some similar functionality (the link you sent). I was thinking about being able to have a claim of group name that I could use as a topic placeholder like it's possible with ${clientid} and ${username} currently.
What is the reason the topic placeholders are only restricted to those two things?
As we can see from the example "testall3/#" is not a template (or a template without placeholders).
Could you be more specific about “group name”?
The group name just stands for any custom jwt claim. So for example I want to have the claim group=123 and have users with that claim being able to write to all topics prefixed by that group /123/# and write that as ${group}.
I don't know if there are some caveats with that that I don't know or other reasons why this is not a desirable feature or even maybe a bad idea.
I just thought that it would make the rules quite a bit more flexible.
What would you like to be added or enhanced?
I would like to be able to use custom JWT claims to specify access rules in the ACL (in addition to just using Client ID or Username)
Why is this needed?
This is needed to give more flexibility to represent complex sets of permission (or to write them down in a simpler way)
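
The placeholder idea discussed in this thread, as an added example that is not part of the issue and is not EMQX code: it expands a hypothetical `${group}` placeholder from JWT claims into an MQTT topic filter and refuses claim values that would widen the rule. The function names are assumptions, and the claims are assumed to come from a token whose signature has already been verified.

```python
import re

PLACEHOLDER = re.compile(r"\$\{(\w+)\}")
FORBIDDEN = set("#+/\x00")  # MQTT wildcards, level separator, NUL

def render_filter(template, claims):
    """Expand ${name} from already-verified JWT claims.
    Returns None when the rule must be skipped (missing or unsafe claim)."""
    def expand(match):
        value = claims.get(match.group(1))
        if isinstance(value, bool) or not isinstance(value, (str, int)):
            raise ValueError("claim missing or not a scalar")
        value = str(value)
        # A claim such as "#" or "123/+" would widen the rule beyond one group.
        if not value or FORBIDDEN & set(value):
            raise ValueError("claim not usable as a single topic level")
        return value
    try:
        return PLACEHOLDER.sub(expand, template)
    except ValueError:
        return None

def topic_matches(topic_filter, topic):
    """Simplified MQTT filter match: '+' is one level, trailing '#' is the rest."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    for i, level in enumerate(f_levels):
        if level == "#":
            return i == len(f_levels) - 1
        if i >= len(t_levels) or level not in ("+", t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)

def may_publish(templates, claims, topic):
    """True if any rendered rule covers the topic; unrenderable rules grant nothing."""
    for template in templates:
        rendered = render_filter(template, claims)
        if rendered is not None and topic_matches(rendered, topic):
            return True
    return False

if __name__ == "__main__":
    rules = ["/${group}/#"]  # constructed rule using the requested placeholder
    for claims in ({"group": "123"}, {"group": "#"}, {}):
        print(claims, may_publish(rules, claims, "/123/sensors/temp"))
```

Skipping a rule whose placeholder cannot be rendered keeps the failure closed: a token without the claim, or with a wildcard in it, gets no access from that rule.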