kennyh
/
emqx4.3


			
				
					
						
						
							123456789101112131415161718192021222324252627282930
							authentication = [
  {
    mechanism = cinfo
    checks = [
      # allow clients with username starts with 'super-'
      {
        is_match = "regex_match(username, '^super-')"
        result = allow
      },
      # deny clients with empty username and client ID starts with 'v1-'
      {
        # when is_match is an array, it yields 'true' if all individual checks yield 'true'
        is_match = ["is_empty_val(username)", "str_eq(nth(1,tokens(clientid,'-')), 'v1')"]
        result = deny
      }
      # if all checks are exhausted without an 'allow' or a 'deny' result, continue to the next authentication
    ]
  },
  # ... more authentications ...
  # ...
  # if all authenticators are exhausted without an 'allow' or a 'deny' result, the client is not rejected
]

# A few more match condition examples:
#
# TLS certificate common name is the same as username:
#   str_eq(cert_common_name, username)
#
# Password is the 'sha1' hash of environment variable 'EMQXVAR_SECRET' concatenated to client ID:
#   str_eq(password, hash('sha1', concat([clientid, getenv('SECRET')])))