Token based authentication for MQTT Broker

Question

I want to implement a token based Authentication mechanism for clients of a MQTT broker.

I must have client token provisioning as a separate service, then in the CONNECT message sent from the client, I intend to include the token.

Then ideally the broker should authenticate from the identity/token provider and send the CONNACKaccordingly.

1. I have considered mosquitto , RabbitMQ and MOSCA so far. What would be the ideal broker for the scenario above?
2. Are there any loopholes or improvements to the scenario I described?

Answer 1

You can use a MQTT broker which supports a plugin system in order to implement your requirements. The brokers you mentioned are open source, so you can always modify the source code to meet your requirements if you can't use your own plugins. At least mosquitto and mosca seem to have basic support for these kind of integrations.

Since you asked for a specific broker product: I would add HiveMQ to your evaluation, it's not open source, though. However, it has an open source plugin system (it's trivial to implement the use case you described) with very good documentation and a ton of examples. Check out the following Github repository, it implements your exact use case. :)

It's not clear if you also need authorization in your scenario. In case you want to learn more about MQTT and authentication/authorization, check out these three links.

Obligatory disclaimer: I work for the company behind HiveMQ,