Hello,
I am working on implementing an IoT scenario where client devices send MQTT messages to MQTT brokers via the WebSocket protocol. In this setup, the client devices provide JWT tokens, and the MQTT brokers validate the tokens’ signatures. To enhance security and restrict access to verified clients, I am interested in offloading the JWT signature validation process to HAProxy. This way, only clients with valid JWT tokens will be allowed to connect to the brokers.
The clients utilize the Paho MQTT library and provide the JWT token as the password field during connection:
opts = {
clientId: clientID,
username: username,
password: password // JWT token goes here
};
mqttClient = mqtt.connect(address, opts);
My question is whether HAProxy has the capability to extract this JWT token field and pass it to a validation process for further verification.
I would greatly appreciate any advice or insights you can provide regarding this matter. Thank you.