moscajs / mosca

MQTT broker as a module
mosca.io
3.2k stars, 508 forks

Client Authentication using MQTT over Websockets #603

Closed robertsLando closed 7 years ago

robertsLando commented 7 years ago

I'm using Mosca broker in a Node.js application for home automation, and I use MQTT to communicate with sensors and MQTT over WebSockets for user dashboards. When using MQTT.js in a web application I need to authenticate the user, but everyone can read the JS file with the code used for user authentication, so how can I make the connection to my broker secure from unauthorized subscribers?

mcollina commented 7 years ago

You need to pass a username and password, or maybe use JWT, see https://auth0.com/docs/tutorials/authenticating-devices-using-mqtt

robertsLando commented 7 years ago

JS files are visible in the sources of the HTML, so everyone can see the username and the password used to connect the user; the same happens if I use a JWT.

mcollina commented 7 years ago

Each user should have its own username/password or JWT token. You can also access the cookies if you need to.

robertsLando commented 7 years ago

Solved! I have used the example you have explained in the Mosca Auth section: I use the user email and the hashed password for the auth of MQTT clients (so the password is not in clear text). If the auth is ok I assign to the client the ID of the user in my MongoDB, and each topic starts with "user/:userID", so each client, once authenticated, can only pub/sub on topics related to its own sensors (example: user/:userID/sensor/:sensorID/temperature). Thanks for the fast reply Matteo, and sorry for the "stupid" question, my fault 😊