Closed wade19870531 closed 3 years ago
@wade19870531 This is expected. In operator mode, all connections are required to present a JWT in order to connect. For MQTT clients, it means providing it through the MQTT password (and use any username you want since it is required to have a username if there is a password). As of now, though, the JWT must have the bearer
boolean set to true.
I have a PR for the documentation so the above can be found in the future: https://github.com/nats-io/nats.docs/pull/264
I am also proposing that we remove the bearer
requirement for MQTT clients: https://github.com/nats-io/nats-server/pull/2253, but not sure if this will be accepted, and regardless, this would not be available until a future release, so for now you will have to provide a JWT with bearer
boolean set to true.
Just a note that #2253 is rejected, so you will need to have a JWT with bearer token.
@kozlovic Thanks.
I want to use mqtt with nats super cluster. Two nats clusters and a super cluster were created with gateways with following config.
However, when mqtt client connect to nats server, nats server response not authorised
If nats config remove these section(operator, resolver, system_account, gateway), mqtt client can connect to NATS Server and work.
mqtt sender:
mqtt subscriber:
I also try to connect by mqtt client with nats user, but still not authorised. Do I use a wrong method or any misunderstand? Thanks.
Versions of
nats-server
and affected client libraries used:nats-server: 2.2.5 nats-account-server: 1.0.0 nsc: 2.2.3 natscli: 0.0.23
OS/Container environment:
kubernets 18.5 istio 1.8.0
NATS Server Log: