This needs to be enforced by the server too, if it accepts bearer tokens..
and make it the default.. There are some cases in controlled environments
you need to switch-off TLS too..
Thanks & regards,
-Prabath
On Mon, Feb 8, 2016 at 11:16 PM, Ayyoob Hamza wrote:
>
> Please make sure that when be
> Please make sure that when bearer tokens are used for authentication, MQTT
> runs over TLS..
>
Just having a doubt on whether isn't this supposed to be enforced by the
client or does it needs to be enforced by the server since it supports both
the communication.
Thanks
__
Please make sure that when bearer tokens are used for authentication, MQTT
runs over TLS..
Thanks & regards,
-Prabath
On Thu, Jan 21, 2016 at 9:40 PM, Sumedha Rubasinghe
wrote:
> Invite NuwanD from API Manager, Johann & PrabathS as well.
>
> On Fri, Jan 22, 2016 at 10:53 AM, Pumudu Ruhunage wr
Invite NuwanD from API Manager, Johann & PrabathS as well.
On Fri, Jan 22, 2016 at 10:53 AM, Pumudu Ruhunage wrote:
> Hi Ayyoob,
> +1 for the implementation.
> Can you please schedule a code review meeting for this implementation?
> Please invite MB team for the review meeting as well.
>
> Thank
Hi Ayyoob,
+1 for the implementation.
Can you please schedule a code review meeting for this implementation?
Please invite MB team for the review meeting as well.
Thanks,
Pumudu
On Fri, Jan 22, 2016 at 12:04 AM, Ayyoob Hamza wrote:
> +1 and made the changes to have a specific username and as
+1 and made the changes to have a specific username and as default it would
be "Bearer"[1].
[1]
https://github.com/ayyoob/extensions/tree/master/messagebroker-extensions
*Ayyoob Hamza*
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso
+1 for the approach Paul suggested, AFAIK 3.1.1 specification allows
username to be sent with an empty password, In that case we cannot assume
if the password is empty it should be OAuth based.
On Thu, Jan 21, 2016 at 12:34 PM, Paul Fremantle wrote:
> Wouldn't it be better to have a specific use
Wouldn't it be better to have a specific username for Oauth? e.g. Bearer.
If the username matches this then the password is the token?
Paul
On 20 January 2016 at 14:20, Ayyoob Hamza wrote:
> Hi All,
>
> MQTT specification only supports basic authentication. However in IoT use
> cases embedding
Hi All,
MQTT specification only supports basic authentication. However in IoT use
cases embedding the credential in the device is not a feasible approach.
Further in specification it has been mentioned[1] :
"The CONNECT Packet contains Username and Password fields. Implementations
can choose how
