I have authentication working with the following configuration (I removed some parts of it):
# Password-based authenticator: client credentials are checked against
# documents in the MongoDB collection sys_mqtt.users.
authentication = [
{
backend = "mongodb"
collection = "users"
database = "sys_mqtt"
enable = true
# The lookup selects the document whose clientid AND username both equal the
# values the connecting client presents, so a username cannot be used with a
# different client ID.
filter {clientid = "${clientid}", username = "${username}"}
# Name of the document field that marks a superuser. As I understand EMQX,
# superusers skip authorization checks, so keep it false for ordinary devices.
is_superuser_field = "superuser"
mechanism = "password_based"
mongo_type = "single"
# NOTE(review): MongoDB password stored in plaintext, and published with this
# post. If this is the real value, rotate it and keep the live secret out of
# shared or committed configuration.
password = "password0001"
# Stored passwords are compared as PBKDF2-HMAC-SHA512 with 5000 iterations.
# NOTE(review): 5000 is far below current OWASP guidance for
# PBKDF2-HMAC-SHA512 (hundreds of thousands of iterations). The stored hashes
# must be produced with exactly these parameters, so raising the count means
# re-hashing the stored passwords.
password_hash_algorithm {
iterations = 5000
mac_fun = "sha512"
name = "pbkdf2"
}
password_hash_field = "password"
pool_size = 8
# NOTE(review): the sample user document shown later on this page has no
# "salt" field; confirm every user record carries its own random salt.
salt_field = "salt"
server = "mongo:27017"
srv_record = false
ssl {
ciphers = []
depth = 10
# NOTE(review): TLS to MongoDB is disabled, so the database credentials and
# the password hashes returned by the lookup cross the network unencrypted.
# Presumably the other ssl settings only take effect once this is true.
enable = false
hibernate_after = "5s"
reuse_sessions = true
secure_renegotiate = true
user_lookup_fun = "emqx_tls_psk:lookup"
verify = "verify_peer"
# NOTE(review): tlsv1.1 and tlsv1 are deprecated (RFC 8996); when TLS is
# enabled, restrict this list to tlsv1.3 and tlsv1.2.
versions = ["tlsv1.3", "tlsv1.2", "tlsv1.1", "tlsv1"]
}
topology {
connect_timeout_ms = "20s"
heartbeat_frequency_ms = "200s"
max_overflow = 0
pool_size = 8
}
# NOTE(review): the broker connects as "admin"; the name suggests an
# administrative account (confirm). The lookup only reads this collection, so
# a dedicated account limited to read access would follow least privilege.
username = "admin"
}
]
# Authorization (publish/subscribe ACL) settings, with a single MongoDB
# source reading rule documents from sys_mqtt.users.
authorization {
# Authorization results are cached (32 entries, 1 minute). Presumably a
# permission change or revocation in MongoDB only takes effect once the
# cached entry expires.
cache {
enable = true
max_size = 32
ttl = "1m"
}
# A denied request is ignored rather than disconnecting the client.
deny_action = "ignore"
# NOTE(review): fail-open. A request that matches no rule is allowed, so the
# per-user topic lists restrict nothing on their own; "deny" is what makes
# the stored rules enforceable once they match as intended.
no_match = "allow"
sources = [
{
collection = "users"
database = "sys_mqtt"
enable = true
# Rule documents are selected by username only. As I understand EMQX, each
# entry in a document's topics array is matched as an MQTT topic filter, so
# an entry without a wildcard matches only that exact topic string,
# including any leading or trailing "/".
filter {username = "${username}"}
mongo_type = "single"
# NOTE(review): MongoDB password stored in plaintext, and published with this
# post. If this is the real value, rotate it and keep the live secret out of
# shared or committed configuration.
password = "password0001"
pool_size = 8
server = "mongo:27017"
srv_record = false
ssl {
ciphers = []
depth = 10
# NOTE(review): TLS to MongoDB is disabled, so the database credentials and
# the rule documents cross the network unencrypted. Presumably the other ssl
# settings only take effect once this is true.
enable = false
hibernate_after = "5s"
reuse_sessions = true
secure_renegotiate = true
user_lookup_fun = "emqx_tls_psk:lookup"
verify = "verify_peer"
# NOTE(review): tlsv1.1 and tlsv1 are deprecated (RFC 8996); when TLS is
# enabled, restrict this list to tlsv1.3 and tlsv1.2.
versions = ["tlsv1.3", "tlsv1.2", "tlsv1.1", "tlsv1"]
}
topology {
connect_timeout_ms = "20s"
heartbeat_frequency_ms = "200s"
max_overflow = 0
pool_size = 8
}
type = "mongodb"
# NOTE(review): the broker connects as "admin"; the name suggests an
# administrative account (confirm). Rule lookup only reads this collection,
# so a dedicated account limited to read access would follow least privilege.
username = "admin"
}
]
}
In my database I have this:
{
"_id": {
"$oid": "645b41478c94152587d7dba4"
},
"username": "pablo",
"password": "75ae76beb7e93b2fdb8553cf8615dcdf3562b11ff49813230309bbad92134f344739b848174db73fd16363623340426c6754732c95075286c895d052ee820eaf",
"superuser": false,
"clientid": "645b41478c94152587d7dba4",
"permission": "allow",
"action": "all",
"topics": [
"/client/645b41478c94152587d7dba4/measure/",
"/client/645b41478c94152587d7dba4/process/",
"/client/645b41478c94152587d7dba4/status/",
"/client/645b41478c94152587d7dba4/command/"
]
}
I see here that for authorization I need the fields permission, action and topics, but this doesn’t work: in the authorization overview I can see that the No match counter increases every time I connect a client.
What am I doing wrong?