[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] (MQTT-507) Allow Server-sent AUTH packets
[ https://issues.oasis-open.org/browse/MQTT-507?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=67352#comment-67352 ]
Dominik Obermaier commented on MQTT-507:
----------------------------------------
The proposal in MQTT-431 is sufficient, this issue can be marked as duplicate.
The arguments for such a feature were already stated in MQTT-431. An additional argument I'd add would be that in case of administrative revocation of authentication credentials, a re-authentication request by the broker for specific clients may be useful in scenarios where it's undesired to disconnect the client in order to enforce a re-authentication.
> Allow Server-sent AUTH packets
> ------------------------------
>
> Key: MQTT-507
> URL: https://issues.oasis-open.org/browse/MQTT-507
> Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
> Issue Type: New Feature
> Components: core
> Affects Versions: 5, CSD01
> Reporter: Dominik Obermaier
>
> The initial AUTH packet can only be sent by the client to re-authenticate. There are use cases for a server-initiated AUTH packet.
> An example would be if login credentials are revoked on the broker side (e.g. due to administrative interventions). There is currently no way to force the client to re-send the AUTH packet. A server side AUTH challenge may help in such cases, so the client has a chance to provide valid credentials in case the original secrets are not valid anymore.
> Another use case would be OAUTH 2.0. The JWT as Access Token may expire and the broker can notify the client that a new token is required.
--
This message was sent by Atlassian JIRA
(v6.2.2#6258)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]