Client
Connection establishment
According to the authentication concepts, the client must go through the following steps for its SMOKER connection to be accepted:
- Generate or read a valid ED25519 key-pair
- Send a CONNECT packet with SMOKER as the authentication method
- When the nonce is received from the broker, respond with another AUTH packet carrying the signed nonce in the authentication data
Generate or read key-pair
The client needs an ED25519 key-pair (see cryptography concepts) to authenticate itself to the broker. The client can either generate a new key-pair or use an existing one. The client is responsible for managing its own keys. It is recommended to use a libsodium implementation for the cryptographic operations.
Send CONNECT packet
To start the authentication flow, the client needs to send a CONNECT packet with the following properties set:
- Authentication method: SMOKER
- ClientId: Base32 (padded) representation of the public key
- Protocol version: 5
Send AUTH packet
When the client receives the AUTH packet with the nonce from the broker, it signs the nonce with its key-pair. The signature is then sent back in another AUTH packet with the following properties set:
- Authentication data: the signature
- Reason code: 0x18 (Continue authentication)
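The following Go program is an added example and not code from the SMOKER project: it uses the standard library's crypto/ed25519 instead of libsodium to show the key handling behind the three steps above (ClientId derived from the public key, the nonce signed for the second AUTH packet) together with the check the broker performs on the other side. The nonce is a constructed stand-in for the one the broker sends; the function names are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base32"
	"fmt"
)

// GenerateKeyPair creates a fresh ED25519 key pair; a real client would usually
// read a persisted pair instead (key management is the client's responsibility).
func GenerateKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// ClientID returns the padded Base32 representation of the public key, which
// SMOKER uses as the MQTT ClientId in the CONNECT packet.
func ClientID(pub ed25519.PublicKey) string {
	return base32.StdEncoding.EncodeToString(pub)
}

// PublicKeyFromClientID is the broker-side inverse: it recovers the public key
// from the ClientId and rejects anything that does not decode to a 32-byte key.
func PublicKeyFromClientID(clientID string) (ed25519.PublicKey, error) {
	raw, err := base32.StdEncoding.DecodeString(clientID)
	if err != nil {
		return nil, fmt.Errorf("ClientId is not padded Base32: %w", err)
	}
	if len(raw) != ed25519.PublicKeySize {
		return nil, fmt.Errorf("ClientId decodes to %d bytes, want %d", len(raw), ed25519.PublicKeySize)
	}
	return ed25519.PublicKey(raw), nil
}

// SignNonce produces the authentication data for the client's second AUTH
// packet (reason code 0x18): the ED25519 signature over the broker's nonce.
func SignNonce(priv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(priv, nonce)
}

// VerifyNonceSignature is the broker's check when the second AUTH packet
// arrives: the signature must verify under the key encoded in the ClientId and
// over the exact nonce issued for this connection, so a signature captured from
// another session does not authenticate.
func VerifyNonceSignature(clientID string, nonce, sig []byte) bool {
	pub, err := PublicKeyFromClientID(clientID)
	if err != nil {
		return false
	}
	return ed25519.Verify(pub, nonce, sig)
}

func main() {
	pub, priv, err := GenerateKeyPair()
	if err != nil {
		panic(err)
	}
	clientID := ClientID(pub)

	// Constructed stand-in for the nonce carried in the broker's AUTH packet.
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	sig := SignNonce(priv, nonce)

	fmt.Printf("ClientId: %s\n", clientID)
	fmt.Printf("accepted: %v\n", VerifyNonceSignature(clientID, nonce, sig))
	fmt.Printf("replayed: %v\n", VerifyNonceSignature(clientID, []byte("a different nonce"), sig))
}
```

Because the public key is recoverable from the ClientId, the broker needs no key store for the handshake itself; what it must guard is that each nonce is fresh and used once, otherwise the signature check proves nothing.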
Send a claim
To claim a topic the client needs to go through the following steps:
- Set up a valid claim according to the contracts
- Set up a valid restriction
- Sign the created restriction and set up a valid claim
- Send the created claim to the broker by publishing a message to the access/claim topic with the JSON-serialized claim as the message payload.
Note: It is highly recommended to publish claim messages with QoS 1 in order to receive a PUBACK packet, which carries further information about the success or failure of the operation.
Send an unclaim
To unclaim a topic, the client needs to go through the following steps:
- Send the unclaim by publishing a message to the access/unclaim topic with the topic name as the message payload.
Note: It is highly recommended to publish unclaim messages with QoS 1 in order to receive a PUBACK packet, which carries further information about the success or failure of the operation.
Publish / Subscribe claimed topics
Claimed topics can simply be subscribed to and published to by the client using the standard MQTT procedures. The topic name must always be fully qualified (see restricted area). The broker must decide whether an incoming MQTT operation is permitted, based on the claims it holds from clients.
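The Go program below is an added example, not SMOKER project code, covering the claim and unclaim messages from the two sections above and the broker's permission decision described here. The JSON layout of the claim and restriction (a topic plus publish/subscribe flags, with the signature Base64-encoded beside the restriction) is an assumption made for this example, since the contracts are defined outside this page; the rule that unclaimed topics are denied is also this example's policy. The ClientId is derived as in the connection section (padded Base32 of the public key), and the broker again recovers the public key from it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base32"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Restriction is what the client claims (assumed field set for this example).
type Restriction struct {
	Topic     string `json:"topic"`
	Publish   bool   `json:"publish"`
	Subscribe bool   `json:"subscribe"`
}

// Claim is the payload published to access/claim (assumed layout): the
// restriction plus the client's ED25519 signature over its JSON serialization.
type Claim struct {
	Restriction Restriction `json:"restriction"`
	Signature   string      `json:"signature"` // Base64 of the raw 64-byte signature
}

var (
	ErrNotFullyQualified = errors.New("topic must be fully qualified (no wildcards)")
	ErrBadSignature      = errors.New("restriction signature does not verify under the ClientId's key")
	ErrAlreadyClaimed    = errors.New("topic already claimed by another client")
	ErrNotOwner          = errors.New("only the claiming client may unclaim a topic")
)

// NewClientIdentity generates a key pair and the matching ClientId.
func NewClientIdentity() (clientID string, priv ed25519.PrivateKey, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", nil, err
	}
	return base32.StdEncoding.EncodeToString(pub), priv, nil
}

// BuildClaim serializes the restriction, signs exactly those bytes and returns
// the JSON claim the client publishes to access/claim.
func BuildClaim(priv ed25519.PrivateKey, r Restriction) ([]byte, error) {
	msg, err := json.Marshal(r)
	if err != nil {
		return nil, err
	}
	sig := ed25519.Sign(priv, msg)
	return json.Marshal(Claim{Restriction: r, Signature: base64.StdEncoding.EncodeToString(sig)})
}

type claimRecord struct {
	owner string // ClientId of the claiming client
	r     Restriction
}

// Broker holds the accepted claims, keyed by fully qualified topic name.
type Broker struct{ claims map[string]claimRecord }

func NewBroker() *Broker { return &Broker{claims: map[string]claimRecord{}} }

func fullyQualified(topic string) bool { return topic != "" && !strings.ContainsAny(topic, "+#") }

// HandleClaim processes a message on access/claim from the authenticated client
// clientID: the signature must verify under the key encoded in that ClientId,
// so a claim copied from another client cannot be replayed under a new identity.
func (b *Broker) HandleClaim(clientID string, payload []byte) error {
	var c Claim
	if err := json.Unmarshal(payload, &c); err != nil {
		return err
	}
	if !fullyQualified(c.Restriction.Topic) {
		return ErrNotFullyQualified
	}
	pub, err := base32.StdEncoding.DecodeString(clientID)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return ErrBadSignature
	}
	sig, err := base64.StdEncoding.DecodeString(c.Signature)
	if err != nil {
		return ErrBadSignature
	}
	msg, _ := json.Marshal(c.Restriction) // re-create the bytes the client signed
	if !ed25519.Verify(ed25519.PublicKey(pub), msg, sig) {
		return ErrBadSignature
	}
	if rec, ok := b.claims[c.Restriction.Topic]; ok && rec.owner != clientID {
		return ErrAlreadyClaimed
	}
	b.claims[c.Restriction.Topic] = claimRecord{owner: clientID, r: c.Restriction}
	return nil
}

// HandleUnclaim processes a message on access/unclaim whose payload is the topic name.
func (b *Broker) HandleUnclaim(clientID string, payload []byte) error {
	topic := string(payload)
	rec, ok := b.claims[topic]
	if !ok {
		return nil // nothing held for this topic
	}
	if rec.owner != clientID {
		return ErrNotOwner
	}
	delete(b.claims, topic)
	return nil
}

// Permitted is the broker's decision for a PUBLISH (publish=true) or SUBSCRIBE
// on topic by clientID, based only on the claims it holds.
func (b *Broker) Permitted(clientID, topic string, publish bool) bool {
	if !fullyQualified(topic) {
		return false
	}
	rec, ok := b.claims[topic]
	if !ok || rec.owner != clientID {
		return false
	}
	if publish {
		return rec.r.Publish
	}
	return rec.r.Subscribe
}

func main() {
	id, priv, err := NewClientIdentity()
	if err != nil {
		panic(err)
	}
	b := NewBroker()
	payload, _ := BuildClaim(priv, Restriction{Topic: "sensors/room1/temp", Publish: true})
	fmt.Println("claim:", string(payload))
	fmt.Println("accepted:", b.HandleClaim(id, payload) == nil)
	fmt.Println("publish permitted:", b.Permitted(id, "sensors/room1/temp", true))
	fmt.Println("unclaim:", b.HandleUnclaim(id, []byte("sensors/room1/temp")) == nil)
	fmt.Println("publish after unclaim:", b.Permitted(id, "sensors/room1/temp", true))
}
```

The broker verifies the signature by re-serializing the restriction, which only works because both sides use the same struct and encoder; a broker written in another language should instead verify against the restriction bytes exactly as the client sent them, or both sides must agree on a canonical JSON form.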