Maybe your passwords are not correctly set. When passwords are given and anonymous access is not allowed, either a wrong user/pass combination or no user/pass given will fail. Regarding this, here’s a summary table taken from http://www.steves-internet-guide.com/mqtt-username-password-example/:
Anonymous access
Password file Specified
Access Restricted
True
No
No
True
Yes
Yes See Note 1
False
No
Yes -see Note 2
False
Yes
Yes
Note1: If a password file is specified then if the client sends a username/password then it must be valid other wise an authentication error is returned. If it doesn’t send one then none is required and a normal connection results.
Note 2: The client must send a Username and password, but it is not checked. If the client doesn’t send a username/password then and authentication error code is generated.
I’m glad you worked it out. The data received is already decrypted but base64 encoded. Just decode it (using a script, an online base64 encoder/decoder, etc.) to get the original bytes sent by the device. Also, check this for information about sending and receiving data: https://docs.loraserver.io/lora-app-server/integrate/data/.