JWT ACL

    Plugin:

    TIP

    The emqx_auth_jwt authorization features are tightly coupled with authentication features.

    If the provided claim is not found in the JWT, no ACL check will be applied for this client, unless there are other ACL plugins or modules enabled.

    The data structure of ACL rules is the following:

    , and lists serve as whitelists for the corresponding operations.

    • %c: Client ID

    For example:

    EMQX Broker will automatically interpolate topic names before checking ACL.

    The JWT ACL engine prohibits all operations after the deadline specified in the JWT claim, so a client with an expired JWT has to reconnect with a fresh JWT.

    WARNING

    1. When the ACL cache is enabled, an ACL rule expires when the cache entry or the JWT expires, whichever is later.
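The decision logic described on this page, including the cache caveat in the warning, can be modelled as follows. This is an added example, not EMQX source code. It assumes the ACL claim is named `acl` with lists `pub`, `sub` and `all`, that the deadline is the standard `exp` claim, that rules are matched as MQTT topic filters, and that the cache is a simple per-entry TTL.

```python
# Simplified model of the JWT ACL decision described above (added example,
# not EMQX source). Assumed names: claim "acl" with lists "pub"/"sub"/"all".
ALLOW, DENY, IGNORE = "allow", "deny", "ignore"

def topic_matches(filter_, topic):
    """MQTT filter match with + and # wildcards (assumed to apply to rules)."""
    f, t = filter_.split("/"), topic.split("/")
    for i, level in enumerate(f):
        if level == "#":
            return True
        if i >= len(t) or (level != "+" and level != t[i]):
            return False
    return len(f) == len(t)

def jwt_acl_check(claims, client_id, action, topic, now, claim_name="acl"):
    """action is "pub" or "sub"; now and claims["exp"] are Unix seconds."""
    rules = claims.get(claim_name)
    if rules is None:
        return IGNORE                  # claim absent: no ACL check by this plugin
    if "exp" in claims and now >= claims["exp"]:
        return DENY                    # past the deadline: every operation denied
    allowed = rules.get(action, []) + rules.get("all", [])
    for rule in allowed:
        if topic_matches(rule.replace("%c", client_id), topic):
            return ALLOW               # %c interpolated before the comparison
    return DENY                        # whitelist: not listed means denied

class CachedAcl:
    """ACL cache in front of the check; ttl in seconds (constructed model)."""
    def __init__(self, ttl):
        self.ttl, self.cache = ttl, {}

    def check(self, claims, client_id, action, topic, now):
        key = (client_id, action, topic)
        hit = self.cache.get(key)
        if hit and now < hit[1]:
            return hit[0]              # served from cache, exp is not re-checked
        result = jwt_acl_check(claims, client_id, action, topic, now)
        self.cache[key] = (result, now + self.ttl)
        return result

# Constructed sample claims for illustration
CLAIMS = {"exp": 1000, "acl": {"pub": ["devices/%c/up"],
                               "sub": ["devices/%c/down"],
                               "all": ["status/#"]}}
```

With a 60-second cache, a publish allowed at t=990 is still allowed at t=1010 although the token expired at t=1000, which is the behaviour the warning describes.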