Vernemq authentication with token based

Hi all, i was able to configure my VerneMQ authentication with database (postgresql). Just wondering is it vmq diversity support us to authentication with token based ?
When i asked to chatgpt they said it’s possible but when i tried the config such as DOCKER_VERNEMQ_VMQ_DIVERSITY__AUTH__TOKEN__URL it will raises an error cuttlefish because the config is not correct. basically what i learn from chatgpt, if we want to used authentication with token we need to create our auth service it self then connect it with vmq diversity plugin. but i’m a bit confuse, since in vernemq documentation did not mention authentication with token based.

thanks

ChatGPT is just doing what it does best…

There’s no AUTH_TOKEN_URL setting.
Yes, you need to do your own token plugin. (You can look around Github for inspiration, I’ve seen a few out there.)

So, the best practice for token based is creating own service for auth service then connect it to vernemq webhook right?

You’ll need a plugin that implements the auth_on_register hooks. The hook can be implemented in a native Erlang plugin, or within your WebHooks backend. You want to add the token to the password or username field in the MQTT connect packet, and VerneMQ forwards this information to your plugin with the expectation that the plugin provides an authentication decision.

Hi, i tried to follow this documentation Webhooks | VerneMQ

but, i tried to use auth_on_register, when i try to connect vernemq this error appear
<0.670.0> vmq_mqtt5_fsm:check_user/3:1113: can’t authenticate client {,<<“testclient”>>} from 192.168.65.1:42739 due to plugin_chain_exhausted

i was double check to curl from my container to check my local webhook backend is reachable or not, from culr is good. also check vmq-admin webhooks show my webhook already registered to the plugin with correct url

here is my vernemq.conf

vmq_webhooks.myhook.hook=auth_on_register
accept_eula=yes
vmq_webhooks.myhook.endpoint=http://host.docker.internal:3000/api/v1/vernemq_auth/authentication
plugins.vmq_webhooks=on
log.console=console
allow_anonymous=off
erlang.distribution.port_range.minimum = 9100
erlang.distribution.port_range.maximum = 9109
listener.tcp.default = 172.20.0.2:1883
listener.ws.default = 172.20.0.2:8080
listener.vmq.clustering = 172.20.0.2:44053
listener.http.metrics = 172.20.0.2:8888

Oh My bad, i found the root cause.
since i’m using MQTT 5 so it will trigger webhook with prefix _m5 instead of without prefix.
Thank you

1 Like