MQTT: make sure that client ID is propagated to authN backends

rabbitmq / rabbitmq-server

Open source RabbitMQ: core server and tier 1 (built-in) plugins

https://www.rabbitmq.com/

Other

12.04k stars 3.9k forks source link

MQTT: make sure that client ID is propagated to authN backends #9322

Closed michaelklishin closed 1 day ago

michaelklishin commented 1 year ago

This is already the case for authZ backends because client_id is a variable available for topic authorization expansion.

Exposing it to authN backends would allow for external HTTP-based services that make authentication decisions based on client ID instead of, or in addition to, username. This can be useful according to some users (who are very passionate, so I will spare you the entire original discussion).

MarcialRosales commented 1 month ago

MQTT plugin already propagate client_id to the authN backends. https://github.com/rabbitmq/rabbitmq-server/blob/main/deps/rabbitmq_mqtt/test/auth_SUITE.erl#L518

The rabbitmq_auth_backend_http also verifies that client_id is actually sent as a request parameter to the http endpoint. https://github.com/rabbitmq/rabbitmq-server/blob/main/deps/rabbitmq_auth_backend_http/test/auth_SUITE.erl#L46 , https://github.com/rabbitmq/rabbitmq-server/blob/main/deps/rabbitmq_auth_backend_http/test/auth_SUITE.erl#L24 , https://github.com/rabbitmq/rabbitmq-server/blob/main/deps/rabbitmq_auth_backend_http/test/auth_http_mock.erl#L21