Skip to content

MQTT OAuth: clients not disconnected on token expiration #1744

New issue
New issue
Closed
Bug
#1746
Closed
MQTT OAuth: clients not disconnected on token expiration#1744
Bug
#1746
Assignees
kickster97
Labels
2.7.x
Milestone
2.7.0
@kickster97

Description

@kickster97
kickster97
opened on Feb 23, 2026

Describe the bug

MQTT clients are not disconnected when their OAuth token expires. The AMQP client sets up an on_expiration callback during initialization that closes the connection when the token expires. The MQTT client has no equivalent, so MQTT clients with expired tokens remain connected indefinitely.

Describe your setup

LavinMQ 2.7.0-rc.1, MQTT client connecting with a short-lived JWT token obtained via OAuth client credentials flow.

How to reproduce

  1. Connect an MQTT client using a short-lived JWT token (e.g. 60s expiry)
  2. Wait for the token to expire
  3. The MQTT client remains connected and can continue publishing/subscribing

Expected behavior

MQTT clients should be disconnected when their OAuth token expires, consistent with AMQP.

Metadata

Metadata

Assignees

Labels

2.7.x

Type

Bug

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions