Client

Specification that must be met from the point of view of the client

Connection establishment

According to the authentication concepts, the client must perform the following steps to establish a SMOKER-authenticated connection:

  1. Generate or read a valid ED25519 key-pair
  2. Send a CONNECT packet with SMOKER as authentication method
  3. When the client receives the nonce from the broker in an AUTH packet, it must respond with another AUTH packet carrying the signed nonce in the authentication data

Generate or read key-pair

The client needs an ED25519 key-pair (see cryptography concepts) to authenticate itself to the broker. The client can either generate a new key-pair or use an existing one. The client is responsible for its own key management. It is recommended to use a libsodium implementation for cryptographic operations.

Send CONNECT packet

To start the authentication flow, the client needs to send a CONNECT packet with the following properties set:

  • Authentication method: SMOKER
  • ClientId: Base32 (padded) representation of the public key
  • Protocol version: 5

Send AUTH packet

When the client receives the AUTH packet with the nonce from the broker, it signs the nonce with its private key. The signature is then sent back in another AUTH packet with the following properties set:

  • Authentication data: the signature
  • Reason code: 0x18 Continue authentication
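The three connection steps above, as an added example that is not part of the SMOKER project's own code: it derives the ClientId from the public key, produces the AUTH authentication data by signing the broker's nonce, and shows the check a broker performs on the result. It uses Go's standard library instead of libsodium; the nonce is a constructed stand-in, and the MQTT packet framing is left to whatever MQTT v5 client library is in use.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base32"
	"fmt"
)

// ClientID derives the MQTT ClientId the SMOKER CONNECT packet carries:
// the padded Base32 form of the Ed25519 public key, so the broker can
// recover the key without any out-of-band registration.
func ClientID(pub ed25519.PublicKey) string {
	return base32.StdEncoding.EncodeToString(pub)
}

// SignNonce builds the authentication data for the client's second AUTH
// packet (reason code 0x18): the Ed25519 signature over the broker's nonce.
func SignNonce(priv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(priv, nonce)
}

// VerifyAuth is the broker-side check: decode the public key from the
// ClientId and verify the signature against the nonce it issued. A key
// of the wrong length or a signature over a different nonce is rejected.
func VerifyAuth(clientID string, nonce, signature []byte) bool {
	pub, err := base32.StdEncoding.DecodeString(clientID)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(ed25519.PublicKey(pub), nonce, signature)
}

func main() {
	// Step 1: generate a fresh key pair (a real client would persist it).
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed stand-in for the nonce the broker sends in its AUTH packet.
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	sig := SignNonce(priv, nonce)
	fmt.Println("ClientId:", ClientID(pub))
	fmt.Println("broker accepts:", VerifyAuth(ClientID(pub), nonce, sig))
}
```

Because the nonce is chosen by the broker per connection, a captured signature cannot be replayed against a later nonce, which is what the negative check in VerifyAuth relies on.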

Send a claim

To claim a topic, the client needs to perform the following steps:

  • Set up a valid claim according to the contracts
    • Set up a valid restriction
    • Sign the created restriction and set up a valid claim
  • Send the created claim to the broker by publishing a message to the access/claim topic with the JSON-serialized claim in the message payload.

Note: It is highly recommended to publish claim messages with QoS 1 in order to receive a PUBACK packet, which contains further information about the success or failure of the operation.

Send an unclaim

To unclaim a topic, the client needs to perform the following step:

  • Send the unclaim by publishing a message to the access/unclaim topic with the topic name in the message payload.

Note: It is highly recommended to publish unclaim messages with QoS 1 in order to receive a PUBACK packet, which contains further information about the success or failure of the operation.

Publish / Subscribe claimed topics

The client subscribes to and publishes on claimed topics using the standard MQTT procedures. The topic name must always be fully qualified (see restricted area). The broker must decide whether an incoming MQTT operation is permitted, based on the claims it holds from clients.

Last modified May 30, 2021