iegomez / mosquitto-go-auth

Auth plugin for mosquitto.
MIT License

"ACL check only" mode? #260

Open abh opened 1 year ago

abh commented 1 year ago

I use mTLS for authenticating to mosquitto and setting up the username.

Is it possible to have a configuration (custom plugin or http) that does only the ACL check?

abh commented 1 year ago

(For me, an alternative would be a JWT mode where the claim includes the ACL rules, but that seems to be deliberately not supported -- the JS path seems a bit unmaintainable.)

iegomez commented 1 year ago

(If I got your question right) It's not possible right now unless you know how Mosquitto is setting up the username and use any backend to do a fixed check, and correctly configure whatever backend you need when worrying about ACLs.

And you're right about your assessment in https://github.com/iegomez/mosquitto-go-auth/issues/113#issuecomment-1369565310, "pure" JWT checks that include the topics are not yet supported. They might be, but I don't see it happening in the near future unless someone wants to step up.

iegomez commented 1 year ago

Did I get it right? If not, could you clarify?

abh commented 1 year ago

You got it exactly right! I think mosquitto-go-auth covers a bunch of more complex use cases / workflows than what I needed, so I don't know if my feature request is appropriate for this project.