Extended Authorization
Extended authorization enables users to authorize using their own services, supporting external databases such as MySQL and Redis as data sources, or connecting to an HTTP service for authorization.
Note
Extended authorization is not supported in EMQX Serverless deployments.
Extended Authorization Data Sources
Note
Although a maximum of two extended authorizations is supported, it is recommended not to use multiple extended authorizations simultaneously for performance reasons.
Authorization Order
After adding extended authorization data sources, you can sort them, supporting a custom authorization chain: drag and arrange the authorization data source icons to configure the authorization order.
In the extended authorization page, click Authorization order to enter the order page. The deployment will perform authorization checks in the order from left to right. By default, the most recently added authorization is placed first, and the default authorization is placed last.
- Actions are matched with permissions, allowing or denying client operations based on permissions
- If actions do not match with permissions, the check is passed to the next authorization checker Custom authorization chain: Authorization data source icons can be dragged and arranged left and right to sequence the authorization order.
Enable Authorization Whitelist Mode
When the whitelist mode is enabled, all users are prohibited from subscribing and publishing by default. Clients need to be granted authorization to perform subscription and publishing actions.
Follow the steps in Enable Authorization Whitelist Mode to set up default authorization. After adding an extended authorization data source, go to the extended authorization page and click Authorization Order to enter the sorting page. Ensure that "Default Authorization" is positioned at the far right in the authorization order to enable whitelist mode.