Username and Password are not included in Subscribe, Publish, Receive #13
Comments
|
Hi @woodyjon, to be honest, I'm not fully sure if I understood the problem correctly. You say, even if you send username / password to the endpoints the information isn't used for validation. Do you mean that? |
|
What I mean is that when the user "connects", its user and password are sent to the api gateway for validation. But after that, when he "subscribes" or "publish", a call is made to the api gateway for validation, but without the user name and password, just "guest" as username and an empty string as password, so the api gateway cannot validate the access based on the user. |
|
That sounds wrong to me. Let me check |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello.
Thank you for this tool.
Is it normal the the username and password are not included in the api validation calls for the /subscribe, /publish, /receive. It is included in the /connect, though.
Here: https://github.com/Axway-API-Management-Plus/mqtt-proxy/blob/master/AUTH_API.md, you seem to suggest that those should be included in all 4 types of calls?
Is there something I don't understand?
Thank you very much!
The text was updated successfully, but these errors were encountered: