Thanks to this piece of code I connected my client paho.mqtt and all work as usually however and as I’m always beginner I didn’t understand why I must connected it with the loraserver username and MQTT password attached to this username instead your example this.getToken() and “any”.
Here my javascript function to connect the client:
function MQTTconnect() {
console.log("connecting to "+ host +" "+ port);
mqtt = new Paho.MQTT.Client(host,port,"clientjs");
//document.write("connecting to "+ host);
var that = this;
var sslOption = true;
if(host == "192.168.0.27") {
sslOption = false;
}
var options = {
timeout: 3,
//userName: this.getToken(),
userName: "loraserver",
//password: "any",
password: "loraserver_MQTT_password_plain_text",
useSSL: sslOption,
keepAliveInterval: 3600,
onSuccess: onConnect,
onFailure: onFailure,
};
This behavior is litlle bit boring because if you are connected on localhost you can read my MQTT loraserver password from the webconsole of your browser
For me it works correctly when using the token. Could you start mosquitto manually (sudo mosquitto -c /etc/mosquitto/mosquitto.conf) and try to connect using the token to see what’s the output from the plugin?
Ah, that’s it. The function getToken() is from the lora-app-server’s UI, not a general JS function. My example is an old version of how I modified the default UI to be able to check live data by subscribing to the data topics from mosquitto.
So if you want to test using a JWT token from a generic JS script, you need to provide a valid JWT token for the lora-app-server’s user you intend to authenticate with.
For example, you could open your-host:8080/api (assuming you are using the 8080 defualt) and use the login method to obtain a JWT token given a lora-app-server’s username and password. Then, at your test script, replace userName with that token and password with any string and try to connect. If everything is right, the Postgres backend should authenticate the user correctly and also authorize the correct topics.
I’m struggling to recover a valid JWT token or other , I think follow the good instruction but despite this when I write the JWT token in the api here:
Verifiy signature field corresponds to my jwt_secret from lora-app-server.toml.
I don’t understand what is wrong?
So previously ( there are few weeks) I managed to make the API work but I can’t remember what JWT token I used, I only remember to have follow the same way…
It seems like your lora-app-server or some dependency isn’t working right. Try to make sure that they work and you can load the API frontend before going any further, there could be something wrong that’ll come to bite you later.
That said, the token youe are creating at jwt.io has expiration date of last year, so it won’t work. Try changing exp to something like this 1999653358 (that’s May 14 2033, but anything in the furture is enough).
I think that’s not a problem with the token but with the API frontend itself. As I said, you should make sure that it is rendered correctly, in which case you could just use the login method from it and wouldn’t need jwt.io to generate a token.
Anyway, if the token is correct, it should work when testing the script to connect to mosquitto.
function MQTTconnect() {
console.log("connecting to "+ host +" "+ port);
mqtt = new Paho.MQTT.Client(host,port,"clientjs");
//document.write("connecting to "+ host);
var that = this;
var sslOption = true;
if(host == "192.168.0.27") {
sslOption = false;
}
var options = {
timeout: 3,
//userName: this.getToken(),
userName:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJsb3JhLWFwcC1zZXJ2ZXIiLCJhdWQiOiJsb3JhLWFwcC1zZXJ2ZXIiLCJuYmYiOjE5OTk2NTMzNTgsImV4cCI6MTk5OTY1MzM1OCwic3ViIjoidXNlciIsInVzZXJuYW1lIjoiYWRtaW4ifQ.Fb9wu9oPp0zUxsWRnklveSIIfIErdcPldBqYBRVJxqc",
password: "any",
useSSL: sslOption,
keepAliveInterval: 3600,
onSuccess: onConnect,
onFailure: onFailure,
};
mqtt.onMessageArrived = onMessageArrived;
mqtt.connect(options); //connect
}
I’m trying to understand with debugger what’s happening it’s tricky for me as I’m not javascript developper and I don’t have any experience with object-oriented programming it’s my luck
Hi, guys, I wanted to warn you about a change I did to the plugin. If you are using the JWT backend, I did a minor but breaking change yesterday: the backend used to expect the username to be the Username field of what was a custom Claims struct. Now it expects the Subject field from the StandardClaims (see github.com/dgrijalva/jwt-go) to contain the username. I’ll probably leave that as default and offer a conf option to change it so it’s compatible with lorasever, which uses Username, but it won’t be until monday or some day next week.
Hi, @julien. I’ve just tested and then pushed the changes. All you need for the plugin to work as usual is to add this option to your conf:
auth_opt_jwt_userfield Username
That will tell the plugin to look for the Username field in the JWT claims instead of the default Subject one.
As I mentioned, the logs that shouldn’t have been there were removed. You only need to rebuild the plugin with make, replace the old .so with the new one (if you are building it on another location, it will be replaced if you build in the same location where mosquitto expects it to be), and then restart mosquitto. Let me know if you have any issue.
@brocaar, I just submitted the PR. I kept it pretty simple and followed the same structure you used to describe mosquitto-auth-plug installation. Just let me know if you need any more detail or modification.
Hi! I just added support for mosquitto 1.5.x and included some little details at the docs with a new PR. I’m sorry I didn’t do it earlier in the original PR, I had to struggle a bit with cgo to get the plugin to compile with the newer version.