Does HiveMQ support AUTH packet introduced in MQTT 5 ? I am planning to use a custom authentication mechanism: MQTT servers sends a nonce, client sends it back signed using RSA, server verifies the signature. I can’t use normal CONNECT here, because there is no way to send nonce to the client.
I could also use timestamp instead of nonce (then CONNECT is good enough), but this would fail in case of clock desynchronisation.
We plan to introduce an authenticator in the extension system which allows to implement arbitrary authentication mechanisms that require challenge/response AUTH packet flows. Currently there is no timeline when this will be available.
Since v4.3.0 of the hivemq-extension-sdk the enhanced authentication is included. Just implement the EnhancedAuthenticator interface and register it within your extension.
You are welcome. Btw: Check out our paper, which was created during our BSc thesis. It describes exactly an aproach you want to implement. We used the EdDSA (elliptic curves), which produces smaller and more efficient signatures than RSA.
a little side note.
The AUTH mechanism can currently only be used with HiveMQ 4.3.0, that means if you use the Community Edition you won’t be able to use it with yet.
The upcoming Community Edition version will contain the AUTH mechanism, or if you need this feature now you could build a snapshot version of the CE (https://github.com/hivemq/hivemq-community-edition#building-the-binary-package).