by fuhry
1959 days ago
My approach with a recent personal project (i.e. no actual scaling required) was to have the MQTT server just listen on localhost. Application connects without TLS on the loopback interface. Clients connect over WebSocket (TLS) using their existing OAuth access token as the username and "x" as the password. The application involves an API as well so client credentials are already in use. I used jpmens/mosquitto-auth-plug <https://github.com/jpmens/mosquitto-auth-plug> for the Mosquitto side of things, with a query along the lines of: SELECT "hardcoded password hash" FROM oauth_access_tokens WHERE access_token = "%s" AND scope REGEXP "\bmqtt\b";
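The token-as-username lookup described in the comment above, as an added example that is not fuhry's code or part of mosquitto-auth-plug: it shows which scope strings a `\bmqtt\b` pattern accepts next to an exact space-delimited match. Assumptions: SQLite and Python's `re` stand in for the real database and its regex engine, and the rows, token values, `HARDCODED_HASH` placeholder and function names are constructed.

```python
import re
import sqlite3

# Placeholder: the comment only says "hardcoded password hash" (a hash of "x").
HARDCODED_HASH = "PLACEHOLDER_HASH_OF_x"

def open_db():
    """In-memory stand-in for the application's token table; all rows are constructed."""
    db = sqlite3.connect(":memory:")
    # SQLite has no built-in REGEXP; "X REGEXP Y" calls regexp(Y, X), pattern first.
    db.create_function("REGEXP", 2,
                       lambda pat, val: re.search(pat, val or "") is not None)
    db.execute("CREATE TABLE oauth_access_tokens "
               "(access_token TEXT PRIMARY KEY, scope TEXT)")
    db.executemany("INSERT INTO oauth_access_tokens VALUES (?, ?)", [
        ("tok-api-mqtt", "api mqtt"),          # should be allowed
        ("tok-api-only", "api"),               # no mqtt scope
        ("tok-mqtt-admin", "api mqtt-admin"),  # different scope containing "mqtt"
    ])
    return db

def lookup_regex(db, username):
    """Query shaped like the comment's, with the MQTT username bound as a parameter."""
    row = db.execute(
        "SELECT ? FROM oauth_access_tokens "
        "WHERE access_token = ? AND scope REGEXP ?",
        (HARDCODED_HASH, username, r"\bmqtt\b")).fetchone()
    return row[0] if row else None

def lookup_exact(db, username):
    """Variant: split scope on whitespace and require the exact item "mqtt"."""
    row = db.execute("SELECT scope FROM oauth_access_tokens WHERE access_token = ?",
                     (username,)).fetchone()
    return HARDCODED_HASH if row and "mqtt" in row[0].split() else None

if __name__ == "__main__":
    db = open_db()
    for user in ("tok-api-mqtt", "tok-api-only", "tok-mqtt-admin", 'x" OR "1"="1'):
        print(f"{user!r:22} regex={lookup_regex(db, user)!r} exact={lookup_exact(db, user)!r}")
```

A word boundary also falls between `mqtt` and `-`, so the regex form accepts the constructed `mqtt-admin` scope while the exact match does not.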