Skip to main content

AnyAuth and Integration with BifroMQ

· 4 min read
Gu Jiawei
Gu Jiawei

The AnyAuth plugin is a powerful extension built upon the BifroMQ IAuthProvider interface using PF4J. It is designed to provide seamless authentication and authorization capabilities for BifroMQ, enabling users to secure access to messages and resources across a wide range of clients.

BifroMQ in Smart Home

Background

Company A is a firm specializing in the smart home industry. They aim to enhance their product's value and user experience by incorporating IoT (Internet of Things) technology, allowing remote control of their products. They have chosen BifroMQ as their MQTT message middleware, integrated into their IoT platform to connect their smart home devices to the internet.

Key Participants

  • Company A: Smart home devices manufacturer looking to enhance product value and user experience through IoT technology.
  • Company B: Software development company responsible for developing the IoT platform and WeChat Mini Program for company A.
  • BifroMQ: MQTT message middleware providing reliable message transmission services, integrated into the IoT platform by company B.

End Users

As users of the smart home devices, we anticipate the ability to remotely control the devices, e.g. air conditioner, adjust the temperature, check the current indoor temperature, and monitor the air conditioner's operational status through the WeChat Mini Program.

AnyAuth in BifroMQ

The versatility of the AnyAuth plugin lies in its support for various authentication mechanisms, including traditional username/password that is for devices, auth0, and even WeChat integration. This means that users can be authenticated by using their preferred social accounts, simplifying access to BifroMQ.

Furthermore, AnyAuth seamlessly integrates with BifroMQ, offering Role-Based Access Control (RBAC) through Access Control Lists (ACL). This feature empowers administrators to define distinct roles and permissions, which can then ensure fine-grained access control.

For more information and technical design, check the article.

Setup Steps

Integrating AnyAuth with BifroMQ has proven to be remarkably straightforward. Here's a concise rundown to get started:

Prerequisites

Before we dive in, it's essential to understand that AnyAuth's primary focus lies in querying users' credentials and corresponding ACL rules. Handling administrative tasks, such as user registration and ACL specification, falls under the purview of other services. To ensure a smooth data retrieval process, users must complete device registration and specify ACL requirements in advance.

Configure AnyAuth Plugin

AnyAuth's flexibility hinges on the correct configuration of authentication parameters. These parameters can vary depending on your chosen authentication method (e.g., username/password, auth0 and WeChat). The configuration file can be found in the bifromq-plugin-anyAuth/auth-plugin/src/main/resources directory and will be packaged into the JAR file after compilation. Therefore, it's crucial to configure it first.

tenantId: ${TENANTID}
device:
  authUrl: ${AUTH_SERVICE_AUTH_URL}
  checkUrl: ${AUTH_SERVICE_CHECK_URL}
auth0:
  domain: ${AUTH0_DOMAIN}
wechat:
  appId: ${APP_ID}
  appSecret: ${APP_SECRET}
  requestUrl: https://api.weixin.qq.com/sns/jscode2session?appid=

Setup BifroMQ with Plugin

Now, let's move to the practical implementation. In your AnyAuth project directory, run the following command to generate the necessary output:

cd bifromq-plugin-anyAuth && mvn clean package

This command will generate an auth-plugin-${VERSION}.jar and auth-service-${VERSION}.tar.gz file in their respective target directories.

To ensure BifroMQ correctly loads the AnyAuth plugin, place the corresponding JAR file in the plugins directory within BifroMQ's target directory, i.e. bifromq-${VERSION}/plugins. Additionally, specify the Fully Qualified Name (FQN), e.g. authProviderFQN: bifromq.plugin.auth.AuthProvider, in BifroMQ's configuration file (conf/standalone.yml).

Setup AnyAuth Service

The plugin JAR file acts as a client for authentication and authorization, while the AnyAuth service handles database query operations. Deploy the AnyAuth service, specifying MySQL connection parameters for credentials and permission rules queries.

For development or testing purposes, AnyAuth also supports dummy storage, i.e. set type: Dummy in AnyAuth service configuration file.

End-to-End Demo

With all the setup steps completed, we can now embark on an exciting journey. Utilize a WeChat MiniProgram to log in to BifroMQ, and a user-friendly GUI application to simulate devices. The video below showcases a typical scenario: a device reporting the current temperature via BifroMQ, and a WeChat MiniProgram receiving the message, subsequently issuing commands based on the data.