Authentication
Authentication is the process of verifying the identity of a client. It is an essential part of most applications and helps protect our services from unauthorized client connections.
EMQX Edge supports two authentication mechanisms to verify client connections:
- Built-in file: username and password based authentication.
- HTTP query: runs an HTTP query against your configured authentication server.
Only clients that pass this check are allowed to connect.
Built-in file
EMQX Edge supports simple, widely-used password authentication. This means that when a client connects, it must provide login credentials—a username and the matching password—to prove its identity.
Username and password list
The username and password list displays all the username and password pairs already added.
Add a new username and password pair
In the top-right corner of the username and password list page, you'll find an "Add" button. Clicking this will take you to the username and password creation wizard where you can set up a new username and password.
Delete a username and password pair
Click the delete button in the Action column to delete the corresponding username and password pair.
HTTP Query
Authentication HTTP Query
Authentication HTTP Query is the process of verifying the identity of a client with an HTTP query.
When a client connects to EMQX Edge, an HTTP request constructed from the following Method, Headers and Parameters is sent to your authentication server URL. EMQX Edge accepts the connection when the status of the HTTP response is 200. Otherwise EMQX Edge closes it.
Method
Specifies the HTTP request method for the corresponding request. This could be either POST or GET. Default: POST.
URL
Specifies the HTTP URL API path for the corresponding request. Example: http://127.0.0.1:80/mqtt/auth.
Headers
Specify the data in the HTTP request header.
Available Keys
- content-type: The content-type header indicates the media type of the resource that the request sends to the server. The corresponding value should be application/x-www-form-urlencoded or application/json.
- accept: It's an optional header. You can set other headers like cookie and date. All these headers will be sent with content-type.
Parameters
Specifies the parameters used to construct the request body or the query string parameters.
Available Keys
- clientid: MQTT Client ID
- username: MQTT Username
- password: MQTT Password
These keys are not supported yet.
- ipaddr
- sockport
- protocol
- common
- subject
Available Values
- %c: Client ID
- %u: Username
- %P: Password
These values are not supported yet.
- %a: Client's network IP address
- %p: Server port for client connection
- %r: The protocol used by the client, which can be: mqtt, mqtt-sn, coap, lwm2m and stomp
- %C: Common Name in client certificate
- %d: Subject in client certificate
SuperUser Query
EMQX Edge has the same super user mechanism as EMQX. It simplifies the configuration of the authorization system. A super user role has preset permissions that facilitate the follow-up publish/subscribe authorization steps.
When an MQTT client tries to subscribe or publish to EMQX Edge, an HTTP request constructed from the following Method, Headers and Parameters is sent to your authentication server URL. EMQX Edge allows this subscribe or publish when the status of the HTTP response is 200. Otherwise EMQX Edge denies it.
Method
Specifies the HTTP request method for the corresponding request. This could be either POST or GET. Default: POST.
URL
Specifies the HTTP URL API path for the corresponding request. Example: http://127.0.0.1:80/mqtt/superuser.
Headers
Specify the data in the HTTP request header.
Available Keys
- content-type: The content-type header indicates the media type of the resource that the request sends to the server. The corresponding value should be application/x-www-form-urlencoded or application/json.
- accept: It's an optional header. You can set other headers like cookie and date. All these headers will be sent with content-type.
Parameters
Specifies the parameters used to construct the request body or the query string parameters.
Available Keys
- clientid: MQTT Client ID
- username: MQTT Username
- password: MQTT Password
- topic: The topic in MQTT packets
- access: The type of MQTT Packet. 1 -> A Subscribe Request. 2 -> A Publish Request
These keys are not supported yet.
- ipaddr
- mountpoint
- sockport
- protocol
- common
- subject
Available Values
- %c: Client ID
- %u: Username
- %P: Password
- %t: Topic
- %A: Type of MQTT Packet
These values are not supported yet.
- %a: Client's network IP address
- %m: Mountpoint
- %p: Server port for client connection
- %r: The protocol used by the client, which can be: mqtt, mqtt-sn, coap, lwm2m and stomp
- %C: Common Name in client certificate
- %d: Subject in client certificate
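The server side of the Authentication HTTP Query and SuperUser Query described above, as an added example that is not part of the EMQX Edge documentation: a small Python authentication server that answers 200 to accept and a non-200 status to reject. It assumes POST requests to the paths from the example URLs with parameters named clientid, username and password, a constructed user list, and port 8080; the 401/403/404 codes and the role-by-username superuser check are this example's choices.

```python
import hashlib, hmac, json
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample store: username -> (salt, PBKDF2 hash, is_superuser).
USERS = {
    "sensor-01": (b"salt-a", _hash("s3nsor-pass", b"salt-a"), False),
    "admin": (b"salt-b", _hash("adm1n-pass", b"salt-b"), True),
}
_DUMMY = (b"salt-x", _hash("unused", b"salt-x"), False)

def parse_params(content_type: str, body: bytes) -> dict:
    """Decode the body for either content-type value the page lists."""
    try:
        if content_type.startswith("application/json"):
            data = json.loads(body or b"{}")
            return {k: str(v) for k, v in data.items()} if isinstance(data, dict) else {}
        return {k: v[0] for k, v in parse_qs(body.decode()).items()}
    except (ValueError, UnicodeDecodeError):
        return {}  # malformed input is treated as missing credentials

def decide(path: str, content_type: str, body: bytes) -> int:
    """Return the HTTP status: 200 accepts, any other status rejects."""
    p = parse_params(content_type, body)
    user = USERS.get(p.get("username", ""))
    if path == "/mqtt/superuser":
        # Assumption: the connection was authenticated earlier; only the role is checked.
        return 200 if user and user[2] else 403
    if path != "/mqtt/auth":
        return 404
    # Unknown users still cost one hash and a constant-time compare.
    salt, stored, _ = user or _DUMMY
    match = hmac.compare_digest(_hash(p.get("password", ""), salt), stored)
    return 200 if match and user else 401

class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length)
        self.send_response(decide(self.path, self.headers.get("Content-Type", ""), body))
        self.end_headers()

if __name__ == "__main__":
    # Port 8080 is an assumption; bind to loopback so only a local broker can reach it.
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

The password reaches this server in clear text inside the request, so the example binds to loopback only.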