External authentication and authorization application

[Jon Situmorang]

Hi,

I know VerneMQ has a built in database authentication and authorization, but is it there a way to have an external authentication and authorization app to verify and authorize clients on behalf of the broker?

I was thinking Webhook may be the answer but isn't it designed to be one-way communication from the broker to another service upon which the processes in the broker do not rely? 

Regards,

Jon

[André Fatton]

Hi Jon,

You'd have to develop a specific plugin for that. You likely have some specific authorization app in mind; but on a more general level, "on behalf" authorization sounds like OAuth2/JWT. In other words: token based authorization, with the actual ACL as part of the claims in the token.

In VerneMQ, all the hooks are there (auth_on_register, auth_on_publish, auth_on_subscribe), but there's no official (ie generic) OAuth2 plugin.

Hope this helps,

André