Hi,
I recently started using cloud cluster and I am trying to use the JWT authentication using React Websocket. I used my NestJS backend to create an endpoint to generate the JWKs. I can’t seem to understand how to configure it right. I am unable to connect to the cluster. I would appreciate a guide to achieve this.
Thanks in advance.
Hello @sai.dasari
Welcome to the HiveMQ Community! Could you please confirm if your JWKS Endpoint (NestJS backend) is publicly available and reachable over the Internet? Additionally, have you had an opportunity to review this article Step Up Your MQTT Security with JWT Authentication on HiveMQ Cloud Starter?
Kind regards,
Diego from HiveMQ Team
Hi @Diego , thank you for replying to my question, The URL that provides JWK endpoint is
https://video-stream-server-d5tydko3na-uc.a.run.app/hivemq-jwk
and I am not able to connect using the token.
trying to connect from the client using below code
client = paho.mqtt.client.Client()
# Enable TLS for the connection
client.tls_set(tls_version=mqtt.client.ssl.PROTOCOL_TLS)
client.username_pw_set(username=jwt_token)
# client.username_pw_set(username=jwt_token)
client.on_connect = on_connect
client.on_message = on_message
# Connect to the broker
client.connect(broker_url, broker_port)
Correct me if I am doing something wrong. Thanks
Hello @sai.dasari
You’re welcome, the key factor here is ensuring the correct password along with the proper Access Token. I recommend testing your custom NestJS JWKS Endpoint setup with an MQTT client tool first, such as the HiveMQ MQTT CLI. You can use the sample command provided below.
mqtt pub -h TYPE_YOUR_CLUSTER_URL -p 8883 -s -pw "TYPE_YOUR_TOKEN" -t 'my/test/topic' -m 'Testing JWT Auth' -v
Kind regards,
Diego from HiveMQ Team
Hi @Diego ,
Is the provided end point generating a valid response in the required format for the cluster?
I tried the sample command provided and it gives me not authorized.
Response: Unable to connect. Reason: 'CONNECT failed as CONNACK contained an Error Code: NOT_AUTHORIZED.
This is my cluster setup where I pass strings for the claim aud and sub and integer for exp
For troubleshooting purposes, could you please provide a valid JWT token? Additionally, could you confirm the URL of your HiveMQ Cloud Cluster?
Kind regards,
Diego from HiveMQ Team
@Diego
URL for cloud cluster: optoscale-o61103.a03.euc1.aws.hivemq.cloud
JWT: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjEifQ.eyJzdWIiOiJpb3RfZGV2aWNlIiwiYXVkIjoib3B0b3NjYWxlIiwiZXhwIjoxNzI1NTQ2MzYwfQ.UHBW0Y2z5gNQUdlt3j-lK_Inpmr48c7aPtoCJ4gfNF59xCpOBvc1Hrbqx06_AYcg74QBfSLBFsWobAzhny29xydX1Cz1ZSx-mx0absvlfnnNLkRbD5YCXK595M4SXrgiAt5Gp2RzTCU1-asCErAZ9Mx6HHYLI_ScHzU9Q2QSKRyv9acU4FzaiviAgzrhe3XGhywZ9G_Pq5Q4fciOCMmkCJ2Rihz8GTQyQ2JkGGSyfYZwLj2Pd6nhM8VJMN7TRcr9l-bgcq3gmm-h3D8c52e2zfmtVuejevoAFuujBXUIhNuEi1bc0pxqWVVJHUQ9FkZ4otY8IjW4gxSvyhi-IU_phg
Not sure, if I am generating valid tokens. Is this safe tom post here?
The token has a limited access lifetime, and you can expire all tokens by restarting your NestJS JWKS Endpoint application. It appears that the token that your application is generating is not valid. You can view an example of a valid token using this JWT Debugger tool link.
Kind regards,
Diego from HiveMQ Team
Thank you @Diego . If you can provide a best practice guide for HiveMQ-JWT integration using any technology, I would highly appreciate it. Any resource that you think is relevant would be appreciated, thank you.
Hello @sai.dasari
I can provide you with documents that offer further insights into HiveMQ and JWT. Additionally, you can create a free developer account on Auth0 to run tests using their platform. I frequently use it in my labs, it very useful.
Kind regards,
Diego from HiveMQ Team
Thank you @Diego . I appreciate the guidance. I will reach out in case I face any further issues.
@Diego Do I need to use Enterprise security extention to implement JWT based authentication for cloud starter or Can I follow the path that I was following before?
Hi @Diego , I am generating valid token but still I am getting NOT_AUTHORIZED.
URL for endpoint: https://video-stream-server-d5tydko3na-lz.a.run.app/hivemq-jwk
I have removed all the claims in the JWT config of broker
Tried the command
mqtt pub -h optoscale-o61103.a03.euc1.aws.hivemq.cloud -p 8883 -s -pw “TOKEN” -t ‘my/test/topic’ -m ‘Testing JWT Auth’ -v
Is there a way to check the logs of the broker?
Closing this thread since the issue scope has now been fully addressed through a support ticket.
Kind regards,
Diego from HiveMQ Team
