50 lines
1.2 KiB
Plaintext
50 lines
1.2 KiB
Plaintext
##--------------------------------------------------------------------
|
|
## JWT Auth Plugin
|
|
##--------------------------------------------------------------------
|
|
|
|
## HMAC Hash Secret.
|
|
##
|
|
## Value: String
|
|
auth.jwt.secret = emqxsecret
|
|
|
|
## RSA or ECDSA public key file.
|
|
##
|
|
## Value: File
|
|
#auth.jwt.pubkey = etc/certs/jwt_public_key.pem
|
|
|
|
## The JWKs server address
|
|
##
|
|
## see: http://self-issued.info/docs/draft-ietf-jose-json-web-key.html
|
|
##
|
|
#auth.jwt.jwks = https://127.0.0.1:8080/jwks
|
|
|
|
## The JWKs refresh interval
|
|
##
|
|
## Value: Duration
|
|
#auth.jwt.jwks.refresh_interval = 5m
|
|
|
|
## From where the JWT string can be got
|
|
##
|
|
## Value: username | password
|
|
## Default: password
|
|
auth.jwt.from = password
|
|
|
|
## Enable to verify claims fields
|
|
##
|
|
## Value: on | off
|
|
auth.jwt.verify_claims = off
|
|
|
|
## The checklist of claims to validate
|
|
##
|
|
## Configuration format: auth.jwt.verify_claims.$name = $expected
|
|
## - $name: the name of the field in the JWT payload to be verified
|
|
## - $expected: the expected value
|
|
##
|
|
## The available placeholders for $expected:
|
|
## - %u: username
|
|
## - %c: clientid
|
|
##
|
|
## For example, to verify that the username in the JWT payload is the same
|
|
## as the client (MQTT protocol) username
|
|
#auth.jwt.verify_claims.username = %u
|