Feature Request: authenticate username with jwt
aruldd opened this issue · comments
aruldd commented
Currently, the jwt lets the user access all the topics since the username is not a criterion.
It will help if we can isolate the topics accessible too.
Rajiv commented
+1
Gilbert commented
I suppose that the feature you want is acl
, this acl
could be configured in acl.conf in emqx/etc. this plugin is just for authentification not acl.
Rajiv commented
The thing here is that if I have a valid JWT token, and if I know another username than my own, I can use this JWT to authenticate as the other user (any user actually, just need one valid JWT)