Can't connect and publish to some Devices -- Dealing with empty passwords

kcockburn · 2021-08-18 07:49:49 UTC

I have created six devices three of them with ClientIds of…
J000068270_060D
J000068270_060O
J000068270_060P
All three have the same user name and password is blank. The device flags are the same on each.
I can connect and publish to J000068270_060D but not the other two.

I had been able to connect and publish to J000068270_060O but after deleting it and recreating it (trying to remove retained messages - as sending a retained message with no content did not clear them) it no longer works. I have never been able to publish to J000068270_060P since creating it.

I have tried Restarting the context. Is there anything else I can try?

Regards.

kcockburn · 2021-08-18 08:47:51 UTC

Further update - I have now managed to get all three of the problem devices working by adding a password to each device.

On the device settings screen the Password field is blank if there is a password set or not. So possibly there was a password set that I couldn’t see but I was trying to connect without a password. Perhaps it would be better if this field actually displayed the password?

Should these devices have worked without a password? If a password has been set is there any way to remove it?

Regards.

anon79473925 · 2021-08-18 09:58:18 UTC

Hello,

You can create devices (clientId+Username) without a password and it will work, even
when you edit that device afterwards as long as you leave empty password field to ensure
it remains untouched (be it empty or not).

However this have two problems:

a) You cannot set an empty password for a device that did have one on creation as the
edition form has no way to distinguish between “leaving the password as it is” and “do set an empty password…”

b) Plus the fact that creating devices without password is not recommended as it makes you depend on how client device undestanding sending no password, which makes some MQTT client to work while others don’t, creating confusing situations.

Our recommendation: always adjust a password, and in the case you want to configure empty password, make it have an only known by you token (the larger the better).

About your question: yes, it should work without password but we can’t know if it wasn’t working because it didn’t have a password and there was a client side problem or it did have a password in the beginning and you were expecting to connect without it (obviously it won’t work).

About the implicit question of showing passwords: just confirm all passwords are hashed so it is not possible to get access them to be shown. That’s why password field is always blank.

We will pass a note to programming to make that field show a note to change ~~Device password~~ by
Leave it blank to keep current password, provide one to change it

Best Regards,

kcockburn · 2021-08-18 10:36:09 UTC

Hi Christian,
Thank you for your reply. I have now managed to get these working without a password by deleting the devices and recreating them.
On the create device form my browser (chrome) is automatically populating my name/password in these fields so I may have failed to delete the password before saving.
If programming could modify the form so that the password field always shows the hashed password except if it is blank so that it could be deleted that would be a big help.
Best regards