JWT Authentication flow - Client credentials grant

Hi all,

While reading the documentation, it is actually not clear how the jwt-realm should be configured, in terms of minimum requirements, to get the security extension available for the Client Credentials grant without using SQL Server data storage.

To give you some context, I have a Federation Server (Ory Hydra) and a Client already configured (access token generated). Now, it is clear that the extension needs to be a jwt-realm, along with a specification of the jwks and introspection endpoints. The issue in this scenario is that the system prompts the following:

2023-11-14 15:22:53,753 INFO  - Started HiveMQ Enterprise Security Extension successfully in 202ms.
2023-11-14 15:22:53,753 INFO  - Extension "HiveMQ Enterprise Security Extension" version 4.22.0 started successfully.
2023-11-14 15:22:53,755 WARN  - No security extension present, MQTT clients can not connect to this broker.

I hope I am not being too lazy on this, but to be honest I could not find any clear example of how this can be configured correctly without using any SQL database but only a federation server.

Also, every time I include a pipeline option, it always asks for SQL, an authentication preprocessor and more, as you probably know. This happens when using only jwt-authentication-manager.

Is it possible that you guys can help me get a clear configuration in order to succeed on this for testing purposes before purchasing an Enterprise license?

Thanks in advance.

Hi @daniel.dg.gutierrez ,

For testing purposes, you can get rid of the SQL realm and authorize all authenticated clients:

<?xml version="1.0" encoding="UTF-8" ?>
        <!-- a oauth provider-->
        <!-- secure access to the mqtt broker -->
        <listener-pipeline listener="ALL">
            <!-- authenticate with provided jwts -->
                    <exp-grace disconnect-after-expiry="true">300</exp-grace>
            <allow-all-authorization-manager />

I hope it helps.
Kind regards,
Dasha from HiveMQ Team
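
Added example (not part of the original posts and not HiveMQ code): a small Python helper for inspecting a client-credentials access token before testing it against the broker, modelling the `exp-grace` value of 300 seconds and `disconnect-after-expiry="true"` from the configuration in the reply. The acceptance rule (token accepted until `exp` plus grace, session ended at that same instant) is an assumption about the extension's behaviour; the function names and the sample token are constructed, and the signature is not verified here.

```python
import base64
import json

EXP_GRACE_SECONDS = 300          # value of <exp-grace> in the reply's config
DISCONNECT_AFTER_EXPIRY = True   # its disconnect-after-expiry attribute


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(token: str) -> dict:
    """Return the payload of a compact JWT WITHOUT verifying its signature.
    Inspection only; the broker still has to verify it against the JWKS."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def expiry_decision(claims: dict, now: int, grace: int = EXP_GRACE_SECONDS) -> dict:
    """Model of the expiry check (assumption: accepted until exp + grace, and
    with disconnect-after-expiry the session is cut at that same instant)."""
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return {"accept": False, "reason": "missing or non-numeric exp", "disconnect_at": None}
    deadline = int(exp) + grace
    if now >= deadline:
        return {"accept": False, "reason": "expired beyond grace", "disconnect_at": None}
    return {"accept": True, "reason": "within exp + grace",
            "disconnect_at": deadline if DISCONNECT_AFTER_EXPIRY else None}


def make_constructed_token(claims: dict) -> str:
    # Constructed sample: valid structure, placeholder signature.
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    header = enc(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{enc(json.dumps(claims).encode())}.c2lnbmF0dXJl"


if __name__ == "__main__":
    token = make_constructed_token({"sub": "mqtt-client", "exp": 1700000000})
    for now in (1699999000, 1700000200, 1700000300):
        print(now, expiry_decision(read_claims(token), now))
```

Because the reply's pipeline authorizes every authenticated client, this expiry window and the signature check against the JWKS are the only gates on a connection in that test setup.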