authbroker/authbroker
Authentication and Authorization module of HTTP/MQTT/CoAP Brokers based on NodeJS for IoT or Internet of Things. This repo is under development.
- Install Keycloak locally. Make sure it's working.
- If you want to run a test locally, clone this repo.
```bash
git clone https://github.com/authbroker/authbroker
cd authbroker
npm install
bash run-test.sh
# visit http://localhost:8080
# with username 'admin' and password 'admin'
npm run test
# to stop the docker instance, use this
docker stop $(docker ps -a -q --filter ancestor=authbroker:test --format="{{.ID}}")
```
The script runs Keycloak in Docker and imports demo data into the IOT_Realm realm. An example broker that uses authBroker is started with:

```bash
node ./example/broker.js
```

The commands below subscribe and publish to the broker.

```bash
mosquitto_sub -h localhost -p 1883 -t garden/fan -u admin -P admin
mosquitto_pub -h localhost -p 1883 -t garden/fan -m "hello world" -u admin -P admin
```

If the username/password or the authorization permissions in Keycloak change, authBroker will not permit access to the broker. For example, change the topic to an unauthorized topic like garden/unathorized and see how the broker rejects it.

This module uses Node-style callbacks and can be used with different brokers like Aedes.
```javascript
const aedes = require("aedes")({
  persistence: require("aedes-persistence")() // in-memory persistence
});
const server = require("net").createServer(aedes.handle);
const port = 1883;
const authBroker = require('@authbroker/authbroker');

const config = {
  "realm": "IOT_Realm",
  "authUrl": "http://localhost:8080/auth",
  "sslRequired": "external",
  "clientId": "authBroker",
  "verifyTokenAudience": true,
  "credentials": {
    "secret": "secret"
  },
  "confidentialPort": 0,
  "policyEnforcer": {},
  "mqttpubScope": "scopes:mqttpub", // scope text for pub permission
  "mqttsubScope": "scopes:mqttsub", // scope text for sub permission
  "mqttResPerfix": "res:" // prefix text for resource or topic
};

const authbroker = new authBroker(config);

// hook it up
aedes.authenticate = authbroker.authenticate();
aedes.authorizeSubscribe = authbroker.authorizeSubscribe();
aedes.authorizePublish = authbroker.authorizePublish();

server.listen(port, function () {
  console.log("server listening on port", port);
});
```
It's necessary to set these scopes in the Authorization section in Keycloak. By default, 'scopes:mqttpub' is set for Publish permission and 'scopes:mqttsub' is set for Subscription permission.
Users can Publish or Subscribe to resources which have the scope 'scopes:mqttpub' or 'scopes:mqttsub'.
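The scope check described above, as an added example that is not code from the authBroker project. It assumes the granted permissions arrive in the shape of the `authorization.permissions` claim of a Keycloak token; `isTopicAllowed` is a hypothetical helper and the sample permissions are constructed.

```javascript
// Added example: deny-by-default topic check against Keycloak-style permissions.
// Assumption: each permission is { rsname, scopes }, as in the
// authorization.permissions claim of a Keycloak token.
const cfg = {
  mqttpubScope: "scopes:mqttpub",
  mqttsubScope: "scopes:mqttsub",
  mqttResPerfix: "res:", // key spelled as in the config on this page
};

// Hypothetical helper: true only when a permission names exactly this
// topic (with the resource prefix) and carries the scope for the action.
function isTopicAllowed(permissions, topic, action, config = cfg) {
  const scope = action === "publish" ? config.mqttpubScope
              : action === "subscribe" ? config.mqttsubScope
              : null;
  if (!scope || typeof topic !== "string" || topic.length === 0) return false;
  if (!Array.isArray(permissions)) return false;
  // MQTT does not allow wildcards in the topic name of a PUBLISH.
  if (action === "publish" && /[#+]/.test(topic)) return false;
  const resource = config.mqttResPerfix + topic;
  // Exact match only: the filter "garden/#" is granted solely by a
  // resource named "res:garden/#", never by "res:garden/fan".
  return permissions.some(
    (p) => p && p.rsname === resource &&
           Array.isArray(p.scopes) && p.scopes.includes(scope)
  );
}

// Constructed sample permissions (not real token output).
const samplePermissions = [
  { rsname: "res:garden/fan", scopes: ["scopes:mqttpub", "scopes:mqttsub"] },
  { rsname: "res:garden/lamp", scopes: ["scopes:mqttsub"] },
  { rsname: "res:garden/door" }, // no scopes listed: treated as no grant here
];

for (const [topic, action] of [
  ["garden/fan", "publish"],
  ["garden/lamp", "publish"],
  ["garden/#", "subscribe"],
  ["garden/unathorized", "subscribe"],
]) {
  console.log(action, topic, "->", isTopicAllowed(samplePermissions, topic, action));
}
```

Treating a permission without a `scopes` list as a denial is a conservative choice made for this example.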
The run-test.sh script runs a preconfigured Keycloak demo version that can be used as a template.

```bash
bash run-test.sh
```

Then visit http://localhost:8080 and log in to the Admin console with username 'admin' and password 'admin'.
Anyone with interest in or experience with the following technologies is encouraged to join the project. And if you fancy it, join the Telegram group here for devs and say hello!
- Matteo Collina for Mosca, Aedes, Ponte (https://github.com/moscajs/aedes)
- Eugenio Pace for Auth0 Mosca inspiration (https://github.com/eugeniop/auth0mosca)
MIT - Copyright (c) 2019-2022 ioKloud