Assign Role when using JSON Web Tokens in HiveMQ Cloud

nicknick · December 9, 2024, 2:58am

We want to use JSON Web Tokens for security but assigning a Role to a client does not seem to be documented anywhere.

We want to have a default Role that allows nothing (deny all), and then have 2 Roles:

admin: basically the same as Allow All
customer: limited to subscribing to a certain topic

How do we assign the correct Role when creating the JWT for the client to use to connect? We have tried building the JWT with a “role” field, as well as using the “scope” and “sub” fields. None of those seem to work correctly.

Diego · December 11, 2024, 5:47pm

Hello @nicknick

Welcome to the HiveMQ Community! Could you clarify what JWKS endpoint solution you’re using, or are you implementing a custom build?

Kind regards,
Diego from HiveMQ Team

nicknick · December 11, 2024, 7:00pm

After talking via email with support, it sounds like this isn’t possible in the Cloud product, and we need to use the Enterprise version instead. That supports the “role defined in JWT” (or something similar).

Topic		Replies	Views
JWT Authentication flow - Client credentials grant HiveMQ Community Edition	1	425	November 15, 2023
HiveMQ Security Course / Tutorials?	8	470	November 19, 2023
Scope validations in jwt token - client credentials grant	1	359	November 23, 2023
Using JWT authentication on Hive cloud cluster HiveMQ Cloud	13	35	September 16, 2024
JWT Authorization	4	517	December 7, 2023

Assign Role when using JSON Web Tokens in HiveMQ Cloud

Related topics