Following the previous HTTP custom authentication and MySQL and PostgreSQL external authentication, EMQX Cloud has recently opened two external authentication and authorization methods, Redis and JWT. Users can have more choices when performing authentication and authentication, and flexibly realize safer and faster access to massive devices.
Flexible and diverse authentication methods
As a fully managed cloud-native MQTT messaging service, users can authenticate the device and control topic access through the authentication module of the console. Authentication is performed in the form of user name and password, and access control supports three granularity control of client ID, user name and all users. Both identity authentication and access control support batch import of csv files.
In addition to storing authentication information in EMQX Cloud, users can also authenticate in an external database where users store authentication information through external authentication and authorization, and also support connecting to the JWT service for authentication.
Compared with other databases, Redis has rich data types, such as strings, hashes, lists, sets, ordered sets, etc. In addition, its features such as high read and write performance and fast command execution speed make it widely used in various scenarios.
JWT (JSON Web Token) authentication is an authentication mechanism based on Token. It does not rely on the server to retain the authentication information or session information of the client. It can issue authentication information in batches while holding the key. It is a very simple authentication method. .
user's guidance
Users can configure through the following operations to use Redis as an external data source or JWT authentication to complete authentication and access control.
Access the console, and in the left menu bar "Authentication" -> "External Authentication and Authorization", access the external authentication and authorization function. For specific configuration and debugging steps, please refer to the interface prompts and the help documentation at the end of this article.
Redis authentication/access control
JWT authentication/access control
Precautions
- If built-in authentication is enabled at the same time, EMQX Cloud will perform chain authentication in the order of default authentication first, and then external authentication and authorization .
- When multiple authentication methods are enabled at the same time, the system will execute the query in the order of enabling modules by default.
- If the current deployment is the basic version, please fill in the public network address for the server address.
- If the current deployment is the professional version, a VPC peering connection needs to be created. Please fill in the intranet address for the server address.
- If the message Init resource failure! is displayed, check whether the server address is correct and whether the security group is enabled.
This update further enriches the options of the external authentication and authorization function. Users can choose the corresponding authentication method according to their own business conditions. Whether it is large-scale device access or mobile application scenarios, they can respond flexibly.
Related Documentation
Redis Authentication/Access Control: https://docs.emqx.com/en/cloud/latest/deployments/redis_auth.html
JWT authentication/access control: https://docs.emqx.com/en/cloud/latest/deployments/jwt_auth.html
Copyright statement: This article is original by EMQ, please indicate the source when reprinting.
Original link: https://www.emqx.com/zh/blog/emqx-cloud-redis-and-jwt-authentication-authorization
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。