diff --git a/samples/mqtt/custom_authorizer_connect/README.md b/samples/mqtt/custom_authorizer_connect/README.md
index 35ba6c750..3a5a24e0e 100644
--- a/samples/mqtt/custom_authorizer_connect/README.md
+++ b/samples/mqtt/custom_authorizer_connect/README.md
@@ -35,6 +35,13 @@ Note that in a real application, you may want to avoid the use of wildcards in y
+**Note** The sample also allows passing arguments to specify additional data your custom authorizer may need. The snippets below assume that the custom authorizer does not need these additional parameters, but in the general case, you will almost always need some of them depending on the authorizer's configuration and the associated Lambda function's internals.
+* `--custom_auth_username` - opaque string value passed to the authorizer via an MQTT Connect packet. The authorizer's Lambda can check this value from the event JSON value it receives as input: `event.protocolData.mqtt.username`
+* `--custom_auth_password` - opaque binary value passed to the authorizer via an MQTT Connect packet. The authorizer's Lambda can check this value from the event JSON value it receives as input: `event.protocolData.mqtt.password`
+* `--custom_auth_token_key_name` - (Signed authorizers only) The query string parameter name that the token value should be bound to in the MQTT Connect packet.
+* `--custom_auth_token_value` - (Signed authorizers only) An arbitrary value chosen by the user. The user must also submit a digital signature of this value using the private key associated with the authorizer.
+* `--custom_auth_authorizer_signature` - (Signed authorizers only) a digital signature of the value of the `--custom_auth_token_value` parameter using the private key associated with the authorizer. The binary signature value must be base64 encoded and then URI encoded; the SDK will not do this for you.
+
 # How to run
 To run the Custom Authorizer connect use the following command:
@@ -42,5 +49,3 @@ To run the Custom Authorizer connect use the following command:
 ``` sh
 ./custom-authorizer-connect --endpoint --custom_auth_authorizer_name
 ```
-
-**Note** The sample also allows passing additional arguments (`--custom_auth_username`, `--custom_auth_password`, and `custom_auth_authorizer_signature`) to fullfil the additional data your custom authorizer may need. The examples above assume that the custom authorizer does not need these additional parameters.
diff --git a/samples/mqtt/custom_authorizer_connect/main.cpp b/samples/mqtt/custom_authorizer_connect/main.cpp
index db8785da1..4ad65defd 100644
--- a/samples/mqtt/custom_authorizer_connect/main.cpp
+++ b/samples/mqtt/custom_authorizer_connect/main.cpp
@@ -32,7 +32,9 @@ int main(int argc, char *argv[])
 cmdData.input_customAuthUsername,
 cmdData.input_customAuthorizerName,
 cmdData.input_customAuthorizerSignature,
- cmdData.input_customAuthPassword);
+ cmdData.input_customAuthPassword,
+ cmdData.input_customAuthTokenKeyName,
+ cmdData.input_customAuthTokenValue);
 // Create the MQTT connection from the MQTT builder
 auto clientConfig = clientConfigBuilder.Build();
diff --git a/samples/utils/CommandLineUtils.cpp b/samples/utils/CommandLineUtils.cpp
index dbec7a482..3bbc654fe 100644
--- a/samples/utils/CommandLineUtils.cpp
+++ b/samples/utils/CommandLineUtils.cpp
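Review bot: In the `main.cpp` hunk the three signed-authorizer inputs are forwarded to the builder call without checking that they were supplied together: `input_customAuthTokenKeyName`, `input_customAuthTokenValue` and `input_customAuthorizerSignature` each default to an empty string in `CommandLineUtils.cpp`, so a run that sets only one or two of them still goes on to connect. How the builder treats a partial set is not visible in this diff, but the likely result is an authorization failure at the broker with no hint about the missing argument. A guard before the call, such as `if (cmdData.input_customAuthTokenKeyName.empty() != cmdData.input_customAuthTokenValue.empty() || cmdData.input_customAuthTokenValue.empty() != cmdData.input_customAuthorizerSignature.empty()) { /* print usage and exit */ }`, would fail early. All six arguments are the same string type, so the compiler will not catch a swapped position; the positional order should be confirmed against the builder's declaration, which is outside this diff, and the call itself starts above the hunk.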
@@ -44,8 +44,8 @@ namespace Utils
 static const char *m_cmd_custom_auth_authorizer_name = "custom_auth_authorizer_name";
 static const char *m_cmd_custom_auth_authorizer_signature = "custom_auth_authorizer_signature";
 static const char *m_cmd_custom_auth_password = "custom_auth_password";
- static const char *m_cmd_custom_auth_token_name = "custom_auth_token_name";
- static const char *m_cmd_custom_token_value = "custom_auth_token_value";
+ static const char *m_cmd_custom_auth_token_key_name = "custom_auth_token_key_name";
+ static const char *m_cmd_custom_auth_token_value = "custom_auth_token_value";
 static const char *m_cmd_verbosity = "verbosity";
 static const char *m_cmd_log_file = "log_file";
 static const char *m_cmd_cognito_identity = "cognito_identity";
@@ -268,11 +268,23 @@ namespace Utils
 RegisterCommand(
 m_cmd_custom_auth_authorizer_signature,
 "",
- "The signature to send when connecting through a custom authorizer (optional)");
+ "(Signed authorizers only) a digital signature of the value of the `--custom_auth_token_value` parameter "
+ "using the private key associated with the authorizer. The binary signature value must be base64 encoded "
+ "and then URI encoded; the SDK will not do this for you. (optional)");
 RegisterCommand(
 m_cmd_custom_auth_password,
 "",
 "The password to send when connecting through a custom authorizer (optional)");
+ RegisterCommand(
+ m_cmd_custom_auth_token_key_name,
+ "",
+ "(Signed authorizers only) The query string parameter name that the token value should be bound to in the "
+ "MQTT Connect packet. (optional)");
+ RegisterCommand(
+ m_cmd_custom_auth_token_value,
+ "",
+ "(Signed authorizers only) An arbitrary value chosen by the user. The user must also submit a digital "
+ "signature of this value using the private key associated with the authorizer. (optional)");
 }
 void CommandLineUtils::AddCognitoCommands()
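Review bot: In the second `CommandLineUtils.cpp` hunk, the help strings for `custom_auth_token_key_name`, `custom_auth_token_value` and `custom_auth_authorizer_signature` each end in "(optional)", which hides that a signed authorizer needs all three together. I would end each with something like `(required together with the other two signed-authorizer options)`. The signature text also carries Markdown backticks around `--custom_auth_token_value`, apparently copied from the README, and these will print literally in console help. The token value and its signature together appear to act as a reusable credential, so the help could add that values given on the command line are visible in process listings and shell history. The enclosing function starts above the hunk.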
@@ -624,8 +636,8 @@ namespace Utils
 returnData.input_customAuthorizerSignature = cmdUtils.GetCommandOrDefault(m_cmd_custom_auth_authorizer_signature, "");
 returnData.input_customAuthPassword = cmdUtils.GetCommandOrDefault(m_cmd_custom_auth_password, "");
- returnData.input_customTokenKeyName = cmdUtils.GetCommandOrDefault(m_cmd_custom_auth_token_name, "");
- returnData.input_customTokenValue = cmdUtils.GetCommandOrDefault(m_cmd_custom_token_value, "");
+ returnData.input_customAuthTokenKeyName = cmdUtils.GetCommandOrDefault(m_cmd_custom_auth_token_key_name, "");
+ returnData.input_customAuthTokenValue = cmdUtils.GetCommandOrDefault(m_cmd_custom_auth_token_value, "");
 return returnData;
 }
diff --git a/samples/utils/CommandLineUtils.h b/samples/utils/CommandLineUtils.h
index d5a0ea961..e8827b719 100644
--- a/samples/utils/CommandLineUtils.h
+++ b/samples/utils/CommandLineUtils.h
@@ -232,8 +232,8 @@ namespace Utils
 Aws::Crt::String input_customAuthorizerName;
 Aws::Crt::String input_customAuthorizerSignature;
 Aws::Crt::String input_customAuthPassword;
- Aws::Crt::String input_customTokenKeyName;
- Aws::Crt::String input_customTokenValue;
+ Aws::Crt::String input_customAuthTokenKeyName;
+ Aws::Crt::String input_customAuthTokenValue;
 // Fleet provisioning
 Aws::Crt::String input_templateName;
 Aws::Crt::String input_templateParameters;