I am using ejabberd 19.02 for MQTT communication between clients. I can authenticate users using the "external" auth method - by just validating user name and password.
I also have a requirement that one user is allowed to publish to one topic and another user is not allowed to publish to that topic. The same goes for subscription as well. I believe it is authorization or access control. How can I achieve the above in the ejabberd MQTT server?
I saw the "Access rules" configuration, but it seems it does not match with limiting topic subscription/publish to some users.
Can it be controlled like Authentication - like give responsibility external
The module `mod_mqtt` provides two options for access control: `access_subscribe` and `access_publish`. The former can be used to restrict access for subscribers and the latter can be used to restrict access for publishers. Both accept mapping `filter: rule` where `filter` is an MQTT topic filter and `rule` is the standard ejabberd access rule.
As an example, let's say `user1@domain.tld` is only able to publish to topic "/foo/bar/" and its subtopics, while `user2@domain.tld` is only able to subscribe to this topic and its subtopics. The configuration will look something like this:
```yaml
acl:
  ...
  publisher:
    user:
      "user1" : "domain.tld"
  subscriber:
    user:
      "user2" : "domain.tld"

modules:
  ...
  mod_mqtt:
    access_publish:
      "/foo/bar/#":
        - allow: publisher
        - deny
      "#":
        - deny
    access_subscribe:
      "/foo/bar/#":
        - allow: subscriber
        - deny
      "#":
        - deny
```
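To check a deployment against the policy described above, the following added example (not part of the original answer and not ejabberd's own code) implements MQTT topic-filter matching as defined in the MQTT specification and derives the decision the answer says each user should get. The `INTENDED` table, the function names and the sample topics are constructed for illustration; it models the stated intent, not ejabberd's rule-evaluation order.

```python
def topic_matches(filter_: str, topic: str) -> bool:
    """Return True if a concrete topic name matches an MQTT topic filter."""
    f_levels = filter_.split("/")
    t_levels = topic.split("/")
    # Filters that start with a wildcard never match "$"-prefixed topics.
    if topic.startswith("$") and f_levels[0] in ("#", "+"):
        return False
    for i, f in enumerate(f_levels):
        if f == "#":
            # Multi-level wildcard: only valid as the last level; it also
            # matches the parent level ("/foo/bar/#" matches "/foo/bar").
            return i == len(f_levels) - 1
        if i >= len(t_levels):
            return False
        if f != "+" and f != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)

# Intent stated in the answer (constructed representation, an assumption):
# user1 may only publish under /foo/bar/, user2 may only subscribe there.
INTENDED = {
    ("publish", "user1@domain.tld"): ["/foo/bar/#"],
    ("subscribe", "user2@domain.tld"): ["/foo/bar/#"],
}

def expected(action: str, user: str, topic: str) -> str:
    """Decision the policy is meant to produce for a concrete topic name."""
    allowed = INTENDED.get((action, user), [])
    return "allow" if any(topic_matches(f, topic) for f in allowed) else "deny"

# Constructed test matrix; note the leading "/" is its own (empty) level,
# so "foo/bar/temp" is a different topic from "/foo/bar/temp".
CASES = [
    ("publish", "user1@domain.tld", "/foo/bar/temp"),
    ("publish", "user1@domain.tld", "foo/bar/temp"),
    ("publish", "user1@domain.tld", "/other"),
    ("publish", "user2@domain.tld", "/foo/bar/temp"),
    ("subscribe", "user2@domain.tld", "/foo/bar/temp"),
    ("subscribe", "user1@domain.tld", "/foo/bar/temp"),
]

def decision_table():
    return [(a, u, t, expected(a, u, t)) for a, u, t in CASES]

if __name__ == "__main__":
    for row in decision_table():
        print(*row)
```

Each row of the table is a case to replay against the running server with a real MQTT client; any case where the server's behaviour differs from the expected decision points at a gap in the `access_publish` or `access_subscribe` rules.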