Hi, I’m using the Enterprise Security Extension as trial. I’ve setup JWT authentication with Okta following this tutorial:
This works, so when using some MQTT client I can publish/subscribe using the bearer token retrieved from Okta as “password”. I can’t get the authorization part to work though, all SQL should be configured correctly, I’ve been following this:
Not sure what could be wrong here. The ESE comes with a sample config that pretty much reflects what I want to do (using JWT for authentication and SQL for authorization):
However I don’t understand how HiveMQ verifies authorization, I’d have expected this is based on username supplied by MQTT client. So if username is the same as in SQL USERS table authorization should succeed, if not it should fail. Does not seem to be this way though. Could it be that for successful authorization there needs to be some information in the bearer token?