wiomoc / mosquitto-jwt-auth

Mosquitto Auth Plugin which enables authentication via JWTs and authorisation via ACLs stored in JWT claims
MIT License
40 stars 12 forks

ACL: Support for client id and username #10

Open uwohlfeil opened 3 years ago

uwohlfeil commented 3 years ago

Is it possible to add support for Username / Client ID in the ACLs?

Mosquitto Docs

The patterns available for substitution are:

    %c to match the client id of the client

    %u to match the username of the client

The substitution pattern must be the only text for that level of hierarchy. Pattern ACLs apply to all users even if the "user" keyword has previously been given.

Example:

pattern write sensor/%u/data

Allow access for bridge connection messages:

pattern write $SYS/broker/connection/%c/state

abh commented 1 year ago

I expected this to work, but other than not being explicitly documented (I think) I am not missing it. In my case I have code anyway to generate the claims, so it's trivial to have that code just "spell out" the ACLs with the explicit username.
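
The workaround from the last comment (the token-issuing code spells out the ACLs per user), as an added example that is not part of the issue thread or the plugin's code. It assumes the plugin reads publish and subscribe filters from `publ` and `subs` claims and the username from `sub`; the function names are hypothetical. It also rejects usernames and client ids containing `+`, `#` or `/`, since those would widen the expanded filter.

```python
# Added example: expand Mosquitto-style pattern ACL lines into explicit
# per-client topic filters for JWT claims. Claim names are assumptions.
MQTT_SPECIAL = set("+#/\x00")

def _check_identity(kind, value):
    # A username or client id containing a wildcard or level separator would
    # silently widen the expanded filter, so refuse it.
    if not value or MQTT_SPECIAL & set(value):
        raise ValueError(f"{kind} {value!r} is empty or contains one of + # / NUL")
    return value

def expand_pattern(line, username, client_id):
    """Return (access, topic) for one 'pattern <access> <topic>' line."""
    parts = line.split(None, 2)
    if len(parts) != 3 or parts[0] != "pattern":
        raise ValueError(f"not a pattern line: {line!r}")
    _, access, topic = parts
    if access not in ("read", "write", "readwrite"):
        raise ValueError(f"unsupported access {access!r}")
    subst = {"%u": username, "%c": client_id}
    levels = []
    for level in topic.split("/"):
        if level in subst:
            levels.append(_check_identity(level, subst[level]))
        elif "%u" in level or "%c" in level:
            # Mosquitto requires the pattern to be the only text in its level.
            raise ValueError(f"pattern must fill the whole level: {level!r}")
        else:
            levels.append(level)
    return access, "/".join(levels)

def build_acl_claims(lines, username, client_id):
    """Build the claim dict; the 'sub'/'publ'/'subs' names are assumed."""
    claims = {"sub": username, "publ": [], "subs": []}
    for line in lines:
        access, topic = expand_pattern(line, username, client_id)
        if access in ("write", "readwrite"):
            claims["publ"].append(topic)
        if access in ("read", "readwrite"):
            claims["subs"].append(topic)
    return claims

# Constructed sample input: the two pattern lines quoted in the issue.
SAMPLE = ["pattern write sensor/%u/data",
          "pattern write $SYS/broker/connection/%c/state"]

if __name__ == "__main__":
    print(build_acl_claims(SAMPLE, "alice", "bridge-01"))
```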