Bringing MQTT authentication and REST together

For most non-trivial server software that runs in production, authentication is very important. Of course, this also applies to MQTT brokers. Luckily, the MQTT v3.1 specification includes a username and password authentication mechanism, which most MQTT brokers implement.

While username/password files for authentication are sufficient for playing around with MQTT brokers, they are not sufficient for enterprise-grade production systems. When integrating an MQTT broker into an existing software landscape, there are typically existing databases and services.

To demonstrate how dead simple it is to integrate an existing HTTP REST API for MQTT authentication, I created a simple HiveMQ MQTT broker plugin which delegates the authentication mechanism to the REST API (in this case a mock REST API). This API returns a JSON response which we parse in the HiveMQ plugin. It uses the excellent Apache HttpClient from the HttpComponents project to integrate the authentication mechanism. You can find the project on GitHub here: https://github.com/dobermai/hivemq-rest-auth-plugin.

HiveMQ + REST API

This shows the whole implementation of the authentication mechanism. Feels like 90% exception handling 😉
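As an added example (not the plugin's code, which lives in the GitHub project linked above): the credential check against a REST API, with the allow/deny decision separated from the HTTP call so that every failure path denies the connection. It uses Apache HttpClient 4.x and, as an assumption, Jackson for JSON; the class name, the JSON fields `username`, `password` and `authenticated`, and the 2-second timeouts are also assumptions.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.util.EntityUtils;

public class RestAuthCheck { // hypothetical class name
    private static final ObjectMapper JSON = new ObjectMapper();
    // Short timeouts (assumed values): a hung auth service must not stall every CONNECT.
    private static final RequestConfig TIMEOUTS = RequestConfig.custom()
            .setConnectTimeout(2000).setSocketTimeout(2000).build();

    // Pure decision: allow only on HTTP 200 carrying a literal JSON boolean true.
    static boolean decide(int status, String body) {
        if (status != 200 || body == null) return false;
        try {
            JsonNode flag = JSON.readTree(body).path("authenticated"); // assumed field name
            return flag.isBoolean() && flag.booleanValue(); // the string "true" or 1 is rejected
        } catch (Exception malformed) {
            return false; // unparsable response: deny
        }
    }

    // Password travels in the POST body, never the URL; the url should be https://.
    static boolean authenticate(CloseableHttpClient http, String url, String user, String pass) {
        try {
            String creds = JSON.writeValueAsString(
                    JSON.createObjectNode().put("username", user).put("password", pass));
            HttpPost post = new HttpPost(url);
            post.setConfig(TIMEOUTS);
            post.setEntity(new StringEntity(creds, ContentType.APPLICATION_JSON));
            try (CloseableHttpResponse r = http.execute(post)) {
                return decide(r.getStatusLine().getStatusCode(), EntityUtils.toString(r.getEntity()));
            }
        } catch (Exception e) {
            return false; // timeout, refused connection, bad URL: fail closed
        }
    }

    public static void main(String[] args) {
        // Constructed response bodies; no network needed to exercise the decision logic.
        String[] bodies = {"{\"authenticated\": true}", "{\"authenticated\": \"true\"}", "<html>502</html>", ""};
        for (String b : bodies) System.out.println(decide(200, b) + " <- " + b);
        System.out.println(decide(500, bodies[0]) + " <- HTTP 500");
    }
}
```

Inside a broker plugin, the result of `authenticate` would be returned from whatever authentication callback the plugin system provides.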

The exact same mechanism can be used if you want to integrate MQTT authentication with SOAP web services, NoSQL databases, SQL databases, OAuth, or anything else you can imagine.

Make sure your MQTT broker of choice supports plugins. If you want to give the HiveMQ plugin system a shot, start here.