Skip to content

MQTT topics with path parameters required to match guarded identity#1387

Merged
jfallows merged 2 commits intoaklivity:developfrom
epieffe:feature/mqtt-topic-param
Apr 14, 2025
Merged

MQTT topics with path parameters required to match guarded identity#1387
jfallows merged 2 commits intoaklivity:developfrom
epieffe:feature/mqtt-topic-param

Conversation

@epieffe
Copy link
Contributor

@epieffe epieffe commented Jan 29, 2025

The goal of this PR is to allow secure access to some MQTT client specific topics for publish and/or subscribe.

For publish or subscribe routes:

  • mqtt server can define path parameters for any segment in a topic name
  • mqtt server can enforce that a path parameter matches the client's guarded identity (e.g. via jwt guard)

Example configuration:

mqtt_server0:
  type: mqtt
  kind: server
  routes:
    - when:
        - publish:
          - topic: taxi/{id}/location
            params:
              id: ${guarded['jwt'].identity}
        - subscribe:
          - topic: taxi/{id}/update
            params:
              id: ${guarded['jwt'].identity}
      exit: mqtt_kafka_proxy0

Fixes #1382

jfallows
jfallows requested changes Feb 6, 2025
View reviewed changes
jfallows
jfallows requested changes Feb 17, 2025
View reviewed changes
jfallows
jfallows previously approved these changes Mar 10, 2025
View reviewed changes
@jfallows jfallows merged commit 19dd6ad into aklivity:develop Apr 14, 2025
37 of 41 checks passed
@jfallows jfallows mentioned this pull request Apr 14, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jfallows jfallows jfallows approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support mqtt topics with path parameters required to match guarded identity

2 participants

@epieffe @jfallows