Comments (4)
tigercl
commented on June 26, 2024
1
@zmstone But EMQX documentation does not mention that the placeholders supported by JWT authn are different from other authn: authentication-placeholders
from emqx.
tigercl
commented on June 26, 2024
After this issue is fixed, there is still a risk of crash.
In function replace_placeholder of module emqx_authn_jwt.erl:
replace_placeholder(L, Variables) ->
replace_placeholder(L, Variables, []).
replace_placeholder([], _Variables, Acc) ->
Acc;
replace_placeholder([{Name, {placeholder, PL}} | More], Variables, Acc) ->
Value = maps:get(PL, Variables),
replace_placeholder(More, Variables, [{Name, Value} | Acc]);
replace_placeholder([{Name, Value} | More], Variables, Acc) ->
replace_placeholder(More, Variables, [{Name, Value} | Acc]).If there is no corresponding key in Variables, then maps:get(PL, Variables) will crash, as mentioned in Issue#13253, this is possible when fail_if_no_peer_cert is set to false.
from emqx.
zmstone
commented on June 26, 2024
This is not a bug, but a feature request.
JWT authn only supports placeholders for clientid and username to check against the JWT claims.
A workaround for now is to use peer_cert_as_username or peer_cert_as_clientid.
from emqx.
tigercl
commented on June 26, 2024
I found it: JWT AuthN
Maybe it's time to support it.
from emqx.
Related Issues (20)
- Allow users to explicitly persist Dashboard configuration
- Connector to MQTT host fails with bad username/password, other clients connect normally HOT 2
- But I found that it was sent successfully, and I also subscribed to this topic. Should return 200 and messageid HOT 1
- Feature Request: Add exact_match Parameter to JWT ACL HOT 17
- The unit of max packet size is wrong
- Default Value of fail_if_no_peer_cert HOT 10
- Backup and Restore | Rule Configuration Missing
- SSL listener's check for "CA Cert" HOT 4
- The statistics of disconnection reasons do not include malformed packets HOT 3
- Clearer disconnection reasons
- Add "topic_subscribe_filter" field to JWT ACL (or some acl behavior like this) HOT 21
- Add curl to docker image HOT 5
- 消息重传机制只会在重连的时候触发么 HOT 3
- api/v5/prometheus/stats not have erlang_vm_* 指标没了吗? HOT 3
- 延迟subscribe可能导致消息消费不到 HOT 5
- runq_overload alert on using MongoDB for authz/authn and also alert gets stuck for days sometimes HOT 1
- Helm Chart: MQTT ingress proxies HTTP to MQTT port HOT 2
- docker can't pull emqx:5.7.0 HOT 3
- Connect to ws emqx and the respons is 400 bad request HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from emqx.