2025-08-11 21:38:50 +00:00
|
|
|
# Authentication & Authorization from JWT
|
|
|
|
|
|
|
|
|
|
- `amqtt.contrib.jwt.UserAuthJwtPlugin` (client authentication)
|
|
|
|
|
- `amqtt.contrib.jwt.TopicAuthJwtPlugin` (topic authorization)
|
|
|
|
|
|
|
|
|
|
Plugin to determine user authentication and topic authorization based on claims in a JWT.
|
|
|
|
|
|
|
|
|
|
# User Authentication
|
|
|
|
|
|
|
|
|
|
For auth, the JWT should include a key as specified in the configuration as `user_clam`:
|
|
|
|
|
|
|
|
|
|
```python
|
|
|
|
|
from datetime import datetime, UTC, timedelta
|
|
|
|
|
claims = {
|
|
|
|
|
"username": "example_user",
|
|
|
|
|
"exp": datetime.now(UTC) + timedelta(hours=1),
|
|
|
|
|
}
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
::: amqtt.contrib.jwt.UserAuthJwtPlugin.Config
|
|
|
|
|
options:
|
|
|
|
|
show_source: false
|
|
|
|
|
heading_level: 4
|
|
|
|
|
extra:
|
|
|
|
|
class_style: "simple"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Topic Authorization
|
|
|
|
|
|
|
|
|
|
For authorizing a client for certain topics, the token should also include claims for publish, subscribe and receive;
|
|
|
|
|
keys based on how `publish_claim`, `subscribe_claim` and `receive_claim` are specified in the plugin's configuration.
|
|
|
|
|
|
|
|
|
|
```python
|
|
|
|
|
from datetime import datetime, UTC, timedelta
|
|
|
|
|
|
|
|
|
|
claims = {
|
|
|
|
|
"username": "example_user",
|
|
|
|
|
"exp": datetime.now(UTC) + timedelta(hours=1),
|
|
|
|
|
"publish_acl": ['my/topic/#', 'my/+/other'],
|
|
|
|
|
"subscribe_acl": ['my/+/other'],
|
|
|
|
|
"receive_acl": ['#']
|
|
|
|
|
}
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
::: amqtt.contrib.jwt.TopicAuthJwtPlugin.Config
|
|
|
|
|
options:
|
|
|
|
|
show_source: false
|
|
|
|
|
heading_level: 4
|
|
|
|
|
extra:
|
|
|
|
|
class_style: "simple"
|
