AUTH packet support for custom authentication


Does HiveMQ support AUTH packet introduced in MQTT 5 ? I am planning to use a custom authentication mechanism: MQTT servers sends a nonce, client sends it back signed using RSA, server verifies the signature. I can’t use normal CONNECT here, because there is no way to send nonce to the client.
I could also use timestamp instead of nonce (then CONNECT is good enough), but this would fail in case of clock desynchronisation.

Hi Jakub,

thank you for your patience.

We plan to introduce an authenticator in the extension system which allows to implement arbitrary authentication mechanisms that require challenge/response AUTH packet flows. Currently there is no timeline when this will be available.


Since v4.3.0 of the hivemq-extension-sdk the enhanced authentication is included. Just implement the EnhancedAuthenticator interface and register it within your extension.


Thank you, that’s exactly what I need.

You are welcome. Btw: Check out our paper, which was created during our BSc thesis. It describes exactly an aproach you want to implement. We used the EdDSA (elliptic curves), which produces smaller and more efficient signatures than RSA.

Hi @JakubS,

a little side note.
The AUTH mechanism can currently only be used with HiveMQ 4.3.0, that means if you use the Community Edition you won’t be able to use it with yet.
The upcoming Community Edition version will contain the AUTH mechanism, or if you need this feature now you could build a snapshot version of the CE (

Michael from the HiveMQ team

Thanks, I will use a snapshot for now.

Hi @JakubS,

and just one day later… you can download the newest HiveMQ CE version 2020.1:

Here is the documentation for the enhanced authenticator.

Michael from the HiveMQ team

1 Like