MQTTv5 doesn't support oauth2 token re-authentication

[AntonSmolkov]

Describe the bug

The MQTT Plugin documentation states:

RabbitMQ supports most MQTT 5.0 features, including the following:
TLS, OAuth 2.0

However, it seems an important part of the standard is missing—Re-authentication.

Currently, if I send an AUTH packet with a new token on existing connection, I receive an extended_authentication_unsupported error. (source)

I believe this is an essential part of the standard that should be implemented, as it is for AMQP-0-9-1 connections.

For reference, here is the description of the same feature implemented in Azure Event Grid: Authentication using Microsoft Entra JWT.

Reproduction steps

1. Initialize the MQTT5 connection using the CONNECT method, passing the JWT token in the password field.
2. Send an AUTH packet with reason code 25 (re-authenticate) and the renewed JWT token.

An error occurs: extended_authentication_unsupported.

Expected behavior

JWT-token of the connection is updated

Additional context

No response

[ansd]

This is not a bug.
As described in #7263 (comment) the MQTT 5.0 AUTH packet is currently unsupported.

I just updated our documentation to clearly list this limitation:
https://www.rabbitmq.com/docs/mqtt#re-authentication

While RabbitMQ supports OAuth 2.0 token renewal for AMQP 1.0, AMQP 0.9.1, and the RabbitMQ stream protocol, RabbitMQ does currently not support OAuth 2.0 token renewal for MQTT.
If a token expires, RabbitMQ will disconnect the MQTT client with reason code 160: Maximum connect time.

I implemented token renewal for AMQP 1.0 very recently in #12599. This feature will be available in RabbitMQ 4.1.

I implemented MQTT clients being disconnected upon token expiration recently in #11867. This feature got backported to RabbitMQ 4.0.x and RabbitMQ 3.13.x.

[AntonSmolkov]

@ansd
Thanks for the clarification!
Any plans to implement this in the future?

[michaelklishin]

@AntonSmolkov this is open source software you very likely pay nothing for, so you are welcome to contribute the features you need. Asking others "if they have plans" to implement something you need is not how open source software works.