Authentication & Authorization from JWT
amqtt.contrib.jwt.UserAuthJwtPlugin (client authentication)
amqtt.contrib.jwt.TopicAuthJwtPlugin (topic authorization)
Plugin to determine user authentication and topic authorization based on claims in a JWT.
User Authentication
For authentication, the JWT should include the key that the configuration specifies as user_claim:
from datetime import datetime, UTC, timedelta

claims = {
    "username": "example_user",
    "exp": datetime.now(UTC) + timedelta(hours=1),
}
Config (dataclass)
Configuration for the JWT user authentication.
algorithm (class-attribute, instance-attribute)
algorithm: str = 'HS256'
Algorithm used to sign and verify the token: 'ES256', 'ES256K', 'ES384', 'ES512', 'ES521', 'EdDSA', 'HS256', 'HS384', 'HS512', 'PS256', 'PS384', 'PS512', 'RS256', 'RS384', 'RS512'
Topic Authorization
To authorize a client for certain topics, the token should also include claims for publish, subscribe and receive. The key of each claim is whatever publish_claim, subscribe_claim and receive_claim are set to in the plugin's configuration.
from datetime import datetime, UTC, timedelta

claims = {
    "username": "example_user",
    "exp": datetime.now(UTC) + timedelta(hours=1),
    "publish_acl": ['my/topic/#', 'my/+/other'],
    "subscribe_acl": ['my/+/other'],
    "receive_acl": ['#'],
}
Config (dataclass)
Configuration for the JWT topic authorization.
algorithm (class-attribute, instance-attribute)
algorithm: str = 'HS256'
Algorithm used to sign and verify the token: 'ES256', 'ES256K', 'ES384', 'ES512', 'ES521', 'EdDSA', 'HS256', 'HS384', 'HS512', 'PS256', 'PS384', 'PS512', 'RS256', 'RS384', 'RS512'
publish_claim (instance-attribute)
publish_claim: str
Payload key that contains a list of permissible publish topics.
receive_claim (instance-attribute)
receive_claim: str
Payload key that contains a list of permissible receive topics.
subscribe_claim (instance-attribute)
subscribe_claim: str
Payload key that contains a list of permissible subscribe topics.
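The checks a verifier has to make on a token carrying the claims above, as an added standard-library example that is not amqtt's own code: pin the algorithm, verify the HS256 signature, enforce exp, then match a topic against the ACL claim. SECRET and all function names are hypothetical, exp is given as epoch seconds, and standard MQTT wildcard semantics for the ACL entries are an assumption.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed value; assumption, not a real key

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def _sign(head, body):
    return hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue(claims, alg="HS256"):
    """Mint a compact JWT; any alg other than HS256 gets an empty signature."""
    head = _b64(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_sign(head, body) if alg == 'HS256' else b'')}"

def verify(token, now=None):
    """Return the claims dict, or None if alg, signature or exp is bad."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_unb64(head)).get("alg") != "HS256":  # pin the algorithm
            return None
        if not hmac.compare_digest(_sign(head, body), _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
        exp = claims.get("exp")
    except (ValueError, TypeError, AttributeError):
        return None
    ok = isinstance(exp, (int, float)) and exp > (time.time() if now is None else now)
    return claims if ok else None

def topic_matches(topic, pattern):
    """Standard MQTT filter matching: '+' is one level, '#' is the remainder."""
    if topic.startswith("$") and pattern[:1] in ("+", "#"):
        return False  # wildcard-leading filters never match $-topics
    t, p = topic.split("/"), pattern.split("/")
    for i, level in enumerate(p):
        if level == "#":
            return True
        if i >= len(t) or level not in ("+", t[i]):
            return False
    return len(t) == len(p)

def allowed(claims, claim_key, topic):
    """Deny unless the named claim is a list holding a matching filter."""
    acl = claims.get(claim_key)
    return isinstance(acl, list) and any(
        isinstance(f, str) and topic_matches(topic, f) for f in acl)
```

A token whose header names a different algorithm, whose payload was swapped, or whose claim key is absent is denied rather than treated as unrestricted.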