[OASIS Issue Tracker] (MQTT-432) Consider adding return code of "Authentication failed"

[OASIS Issues Tracker <workgroup_mailer@lists.oasis-open.org>]

    [ https://issues.oasis-open.org/browse/MQTT-432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=66279#comment-66279 ] 

Richard Coppen commented on MQTT-432:
-------------------------------------

Jira opened following review session this week.

We do have guidance  in the spec around the CONNACK case i.e., "The Server may choose to close the Network Connection without sending a CONNACK". Adding another error code isn't really eating away at that.

I agree we need to find a balance. It was an aim of the charter to improve the error framework beyond "good" and "not good".

> Consider adding return code of "Authentication failed"
> ------------------------------------------------------
>
>                 Key: MQTT-432
>                 URL: https://issues.oasis-open.org/browse/MQTT-432
>             Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 5, wd13
>            Reporter: Richard Coppen
>
> There is no return code on CONNACK and DISCONNECT for  "Authentication Failed". The general guidance is to use "Not Authorised". This seems a little confusing as the Client can't be authorised as it's not yet authenticated. This might make debug more difficult and lead to some implementation confusion.
> We do make the distinction elsewhere in the spec e.g., 
> 3.1.3.4 User Name
> If the User Name Flag is set to 1, the User Name is the next field in the Payload. The User Name MUST be a UTF-8 Encoded String as defined in Section 1.5.4 [MQTT-3.1.3-10]. It can be used by the Server for authentication and authorization.



--
This message was sent by Atlassian JIRA
(v6.2.2#6258)