You can authenticate MQTT clients with OAuth 2.0 JWT to connect to the Event Grid namespace. You can embed and validate custom claims in the JWT to authorize publish or subscribe permissions to your Event Grid topic spaces.
Important
This feature is supported only when using the MQTT v5 protocol version.
Prerequisites
- You need an Event Grid namespace with MQTT enabled. Learn about creating an Event Grid namespace.
Authentication using OAuth 2.0 JWT
You can use the MQTT v5 CONNECT packet to provide the OAuth 2.0 JWT to authenticate your client and the MQTT v5 AUTH packet to refresh the token.
Important
If you don't set the CONNECT packet's authentication method to CUSTOM-JWT, you receive an 'invalid issuer' error—even if all other configurations are correct.
In the CONNECT packet, you can provide the required values in the following fields:
Field | Value |
---|---|
Authentication Method | CUSTOM-JWT |
Authentication Data | JWT |
In the AUTH packet, you can provide the required values in the following fields:
Field | Value |
---|---|
Authentication Method | CUSTOM-JWT |
Authentication Data | JWT |
Authentication Reason Code | 25 |
An Authenticate Reason Code with value 25 signifies reauthentication.
Note
Audience: The aud claim must be set to https://[namespace].ts.eventgrid.azure.net/.
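The CONNECT and AUTH fields described above, encoded at the wire level in Python. This is an added example, not code from this documentation or from an Event Grid SDK. The namespace `example-ns`, the Clean Start flag, the 60-second keep-alive, and the sample token with a placeholder signature are assumptions; `check_audience` is only a client-side sanity check of the `aud` claim and does not verify the signature.

```python
import base64, json, struct

AUTH_METHOD, AUTH_DATA, REAUTHENTICATE = 0x15, 0x16, 25  # property ids; reason code 0x19

def vbi(n: int) -> bytes:
    """Encode an MQTT Variable Byte Integer (remaining length, property length)."""
    out = bytearray()
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | (0x80 if n else 0))
        if not n:
            return bytes(out)

def prefixed(data: bytes) -> bytes:
    """Two-byte big-endian length prefix, used by UTF-8 String and Binary Data."""
    return struct.pack("!H", len(data)) + data

def auth_properties(jwt: str) -> bytes:
    """Property block: Authentication Method CUSTOM-JWT, Authentication Data = token."""
    props = (bytes([AUTH_METHOD]) + prefixed(b"CUSTOM-JWT")
             + bytes([AUTH_DATA]) + prefixed(jwt.encode("ascii")))
    return vbi(len(props)) + props

def check_audience(jwt: str, namespace: str) -> None:
    """Pre-flight check of aud before connecting; no signature verification."""
    seg = jwt.split(".")[1]
    claims = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    aud, want = claims.get("aud"), f"https://{namespace}.ts.eventgrid.azure.net/"
    if want not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError(f"aud is {aud!r}, expected {want!r}")

def connect_packet(client_id: str, jwt: str, keep_alive: int = 60) -> bytes:
    """CONNECT: protocol version 5, Clean Start (assumed), auth properties, client id."""
    body = prefixed(b"MQTT") + bytes([5, 0x02]) + struct.pack("!H", keep_alive)
    body += auth_properties(jwt) + prefixed(client_id.encode("utf-8"))
    return b"\x10" + vbi(len(body)) + body

def reauth_packet(jwt: str) -> bytes:
    """AUTH: reason code 25, then the same two properties carrying the new token."""
    body = bytes([REAUTHENTICATE]) + auth_properties(jwt)
    return b"\xf0" + vbi(len(body)) + body

def b64url(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample: hypothetical namespace, placeholder (invalid) signature.
SAMPLE_NS = "example-ns"
SAMPLE_JWT = ".".join([b64url({"alg": "RS256", "typ": "JWT"}),
    b64url({"aud": f"https://{SAMPLE_NS}.ts.eventgrid.azure.net/"}), "c2lnbmF0dXJl"])
```

If the Authentication Method property is missing from the CONNECT packet, the service reports the 'invalid issuer' error mentioned above, so checking the encoded bytes for the `0x15` property is a quick way to rule that cause out.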
Access permissions
A client using OAuth 2.0 JWT authentication can use client attributes and permissions to limit access to specific topics.