auth0 authentication plugin for Mosquitto (and other brokers)

Stefano Costa

Jan 16, 2017, 5:51:42 AM
to MQTT
auth0 (https://auth0.com/) is an interesting "authentication as a service" offering, with fair prices and a free plan. I'd like to investigate using auth0 as a backend for client authentication in a Mosquitto-based messaging structure. Everything seems to boil down to preparing an extension for the Mosquitto auth scheme (a starting point could be the JPMens plugin), and an application note from auth0 exists that makes reference to the Mosca js broker:

https://auth0.com/docs/tutorials/authenticating-devices-using-mqtt

Before trying to code and test it, I'd like to read your comments / feedback, if any experience exists on this.

--
  Stefano Costa
  https://www.bluewind.it

Paul Fremantle

Jan 16, 2017, 6:07:31 AM
to mq...@googlegroups.com
Stefano

I did an OAuth2 plugin for Mosquitto a while back. It was pretty bad but it worked. I used the Python security extension code (https://github.com/mbachry/mosquitto_pyauth).

Here is my code. Yes I am ashamed of it, but I knocked it up as a PoC so you'll have to forgive me!

https://github.com/pzfreo/stuff/blob/master/mosquitto_oauth/mqtt-auth-oauth2.py

It uses the OAuth2 Introspection API.

I have also built a new model that allows you to put a gateway between any client and any server. The gateway (IGNITE) calls out to the OAuth2 system to validate the credential and also applies scopes to publish and subscribe operations (access control). 

Let me know if you are interested in that code, which is written in node.js.

I believe that OAuth is based on OAuth2 so all of this should be quite relevant.

Paul

--
Paul Fremantle
Doctoral Researcher, University of Portsmouth, School of Computing
Visiting Scientist, Institute of the Architecture of Application Systems, Stuttgart
Visiting Lecturer, Software Engineering Programme, Oxford University
Co-Founder, WSO2
Apache Member and Committer
twitter: pzfreo / skype: paulfremantle / blog: http://pzf.fremantle.org
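
Added example, not part of the original thread and not the code of the linked plugin or of the IGNITE gateway: how an authorization hook might turn an OAuth2 introspection (RFC 7662) response into an allow/deny decision for publish and subscribe, failing closed on a missing or expired token. The `pub:`/`sub:` scope naming, the function names and the sample response are assumptions constructed for illustration.

```python
import time

# Constructed sample of an RFC 7662 introspection response (not real data).
# The "pub:<filter>" / "sub:<filter>" scope naming is an assumed convention.
SAMPLE = {
    "active": True,
    "username": "device-42",
    "exp": 1484568000,
    "scope": "pub:sensors/device-42/# sub:commands/device-42/+",
}

def topic_matches(flt, topic):
    """MQTT filter matching: '+' is one level, '#' is the remaining levels."""
    if topic.startswith("$") and flt[:1] in ("+", "#"):
        return False  # leading wildcards must not expose $SYS-style topics
    f, t = flt.split("/"), topic.split("/")
    for i, part in enumerate(f):
        if part == "#":
            return i == len(f) - 1  # '#' is only valid as the last level
        if i >= len(t) or (part != "+" and part != t[i]):
            return False
    return len(f) == len(t)

def token_is_valid(resp, now=None):
    """Fail closed: only a literal boolean True in 'active' is accepted."""
    if not isinstance(resp, dict) or resp.get("active") is not True:
        return False
    exp = resp.get("exp")
    now = time.time() if now is None else now
    # 'exp' is optional in RFC 7662; if present it must be in the future.
    return exp is None or (isinstance(exp, (int, float)) and exp > now)

def acl_allows(resp, action, topic, now=None):
    """action is 'pub' or 'sub'; topic is the topic or filter requested."""
    if action not in ("pub", "sub") or not token_is_valid(resp, now):
        return False
    wild = "+" in topic or "#" in topic
    if wild and action == "pub":
        return False  # a publish must name a concrete topic
    prefix = action + ":"
    for s in str(resp.get("scope", "")).split():
        if not s.startswith(prefix):
            continue
        flt = s[len(prefix):]
        # A wildcard subscription is granted only on an exact filter match,
        # so a '+' in a scope can never be widened to '#'.
        if (flt == topic if wild else topic_matches(flt, topic)):
            return True
    return False
```
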

Stefano Costa

Jan 16, 2017, 6:37:38 AM
to mq...@googlegroups.com
On 16/01/2017 12:07, Paul Fremantle wrote:
> Stefano
>
> I did an OAuth2 plugin for Mosquitto a while back. It was pretty bad
> but it worked. I used the Python security extension code
> (https://github.com/mbachry/mosquitto_pyauth).
>
> Here is my code. Yes I am ashamed of it, but I knocked it up as a PoC
> so you'll have to forgive me!
>
> https://github.com/pzfreo/stuff/blob/master/mosquitto_oauth/mqtt-auth-oauth2.py
>
> It uses the OAuth2 Introspection API.
>
> I have also built a new model that allows you to put a gateway between
> any client and any server. The gateway (IGNITE) calls out to the
> OAuth2 system to validate the credential and also applies scopes to
> publish and subscribe operations (access control).
>
> Let me know if you are interested in that code, which is written in
> node.js.
>
> I believe that OAuth is based on OAuth2 so all of this should be quite
> relevant.
>
> Paul

Thanks Paul,
I'll give this a look and let you know
S

--
Stefano Costa, Managing Director R&D
Bluewind Embedded Systems
M +39 335 6565749
http://t.me/stefanoco
http://www.bluewind.it
