mosquitto-jwt-auth icon indicating copy to clipboard operation
mosquitto-jwt-auth copied to clipboard
verified publisher icon wiomoc

ACL: Support for client id and username

Open uwohlfeil opened this issue 5 years ago • 1 comments

Is it possible to add support for Username / Client ID in the ACLs?

Mosquitto Docs

%c to match the client id of the client
%u to match the username of the client

The patterns available for substition are:

    %c to match the client id of the client

    %u to match the username of the client

The substitution pattern must be the only text for that level of hierarchy. Pattern ACLs apply to all users even if the "user" keyword has previously been given.

Example:

pattern write sensor/%u/data

Allow access for bridge connection messages:

pattern write $SYS/broker/connection/%c/state

uwohlfeil avatar Nov 30 '20 18:11 uwohlfeil

I expected this to work, but other than not being explicitly documented (I think) I am not missing it. In my case I have code anyway to generate the claims, so it's trivial to have that code just "spell out" the ACLs with the explicit username.

abh avatar Jan 03 '23 10:01 abh