{"id":7519,"date":"2026-06-17T15:17:21","date_gmt":"2026-06-17T15:17:21","guid":{"rendered":"https:\/\/waterstream.io\/2026\/06\/17\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\/"},"modified":"2026-06-17T15:29:57","modified_gmt":"2026-06-17T15:29:57","slug":"waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id","status":"publish","type":"post","link":"https:\/\/waterstream.io\/it\/2026\/06\/17\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\/","title":{"rendered":"Waterstream 1.7.0: Autenticazione dei client MQTT con Entra ID"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"900\" height=\"600\" src=\"https:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0.jpg\" alt=\"\" class=\"wp-image-7509\" srcset=\"https:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0.jpg 900w, https:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0-300x200.jpg 300w, https:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0-768x512.jpg 768w\" sizes=\"(max-width: 900px) 100vw, 900px\" \/><\/figure>\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n<p class=\"wp-block-paragraph\"><strong>Waterstream 1.7.0<\/strong> verifica i JWT tramite un endpoint JWKS, con una scorciatoia in una riga per Azure Entra ID. L&#8217;autenticazione avanzata MQTT v5 (Enhanced Authentication) permette a una sessione di lunga durata di rinnovare i token senza disconnettersi. <\/p>\n\n<p class=\"wp-block-paragraph\">Prima della versione 1.7.0, configurare l&#8217;autenticazione JWT significava fissare una singola chiave di firma nella configurazione del broker. Funziona con un IdP che ruota raramente. Non funziona con Azure Entra ID, che ruota le chiavi JWKS secondo il proprio calendario. Qualsiasi token firmato con un kid che il broker non conosce viene rifiutato. La versione 1.7.0 colma questa lacuna: il broker recupera le chiavi a runtime e le aggiorna quando compare un <code>kid<\/code>sconosciuto.    <\/p>\n\n<h2 class=\"wp-block-heading\">Il flusso JWKS generico<\/h2>\n\n<p class=\"wp-block-paragraph\">Cinque nuove variabili d&#8217;ambiente espongono il percorso JWKS:<br\/><\/p>\n\n<ul class=\"wp-block-list\">\n<li><code>JWT_JWKS_URL<\/code>: l&#8217;URL del documento JWKS<\/li>\n\n\n\n<li><code>JWT_EXPECTED_ISSUER<\/code>: il valore che il claim <code>iss <\/code> deve corrispondere<\/li>\n\n\n\n<li><code>JWT_PRINCIPAL_CLAIM<\/code>: quale claim diventa <code>{username}<\/code> nelle regole ACL (predefinito: <code>sub<\/code>)<\/li>\n\n\n\n<li><code>JWT_ORGANIZATION_CLAIM<\/code>: quale claim popola <code>{organization}<\/code><\/li>\n\n\n\n<li><code>JWT_ENTRA_ID_TENANT_ID<\/code>: la scorciatoia per Entra ID (vedi sotto)<\/li>\n<\/ul>\n\n<p class=\"wp-block-paragraph\">Una configurazione OIDC generica si presenta cos\u00ec:<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" width=\"1024\" height=\"348\" src=\"https:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0_-AUTHENTICATION_REQUIREDtrue--1024x348.png\" alt=\"\" class=\"wp-image-7511\" style=\"aspect-ratio:2.942618452344655;width:656px;height:auto\" srcset=\"https:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0_-AUTHENTICATION_REQUIREDtrue--1024x348.png 1024w, https:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0_-AUTHENTICATION_REQUIREDtrue--300x102.png 300w, https:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0_-AUTHENTICATION_REQUIREDtrue--768x261.png 768w, https:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0_-AUTHENTICATION_REQUIREDtrue-.png 1148w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n<p class=\"wp-block-paragraph\">La cache \u00e8 indicizzata per <code>kid<\/code>. Un intervallo minimo di 60 secondi tra gli aggiornamenti impedisce che un&#8217;ondata di token non validi sovraccarichi l&#8217;IdP. Le opzioni per chiavi statiche (<code>JWT_VERIFICATION_KEY, JWT_VERIFICATION_KEY_BASE64, JWT_VERIFICATION_KEY_PATH<\/code>) continuano a funzionare per i setup che non richiedono rotazione, ma il broker si rifiuta di avviarsi se le si combina con <code>JWT_JWKS_URL<\/code>  <\/p>\n\n<h2 class=\"wp-block-heading\">La scorciatoia per Entra ID<\/h2>\n\n<p class=\"wp-block-paragraph\">Se il tuo IdP \u00e8 Azure Entra ID, \u00e8 sufficiente impostare il tenant ID:<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" width=\"1024\" height=\"398\" src=\"https:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0_AUTHENTICATION_REQUIREDtrue-2-1024x398.png\" alt=\"\" class=\"wp-image-7513\" style=\"width:690px;height:auto\" srcset=\"https:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0_AUTHENTICATION_REQUIREDtrue-2-1024x398.png 1024w, https:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0_AUTHENTICATION_REQUIREDtrue-2-300x117.png 300w, https:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0_AUTHENTICATION_REQUIREDtrue-2-768x299.png 768w, https:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0_AUTHENTICATION_REQUIREDtrue-2.png 1384w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n<\/div>\n<p class=\"wp-block-paragraph\"><code>JWT_JWKS_URL<\/code> e <code> JWT_EXPECTED_ISSUER <\/code> vengono derivati dal tenant ID:<\/p>\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th class=\"has-text-align-left\" data-align=\"left\"><strong>Setting<\/strong><\/th><th class=\"has-text-align-left\" data-align=\"left\"><strong>Valore derivato<\/strong><\/th><\/tr><\/thead><tbody><tr><td class=\"has-text-align-left\" data-align=\"left\">J<code>WT_JWKS_URL<\/code><\/td><td class=\"has-text-align-left\" data-align=\"left\"><code>https:\/\/login.microsoftonline.com\/&lt;tenant-id&gt;\/discovery\/v2.0\/keys<\/code><\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\"><code>JWT_EXPECTED_ISSUER<\/code><\/td><td class=\"has-text-align-left\" data-align=\"left\"><code>https:\/\/login.microsoftonline.com\/&lt;tenant-id&gt;\/v2.0<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n<p class=\"wp-block-paragraph\">Se \u00e8 necessario sovrascrivere uno dei due (un cloud Azure sovrano, un&#8217;app multi-tenant), le variabili d&#8217;ambiente esplicite hanno la precedenza.<\/p>\n\n<p class=\"wp-block-paragraph\">I token di accesso di Entra ID riportano il GUID dell&#8217;app senza prefisso nel claim <code>aud<\/code>, non l&#8217;URI completo <code>api:\/\/&lt;guid&gt;<\/code>. Imposta <code>JWT_AUDIENCE <\/code>sul GUID, altrimenti la validazione del token fallir\u00e0 pur avendo in mano un token apparentemente valido. <\/p>\n\n<h2 class=\"wp-block-heading\">Claim mappati all&#8217; ACL placeholder<\/h2>\n\n<p class=\"wp-block-paragraph\">Gli stessi claim che autenticano il client guidano anche l&#8217;autorizzazione. Le nuove variabili espongono tre segnaposto per il motore ACL: <\/p>\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th class=\"has-text-align-left\" data-align=\"left\"><strong>JWT claim<\/strong><\/th><th class=\"has-text-align-left\" data-align=\"left\"><strong>Config<\/strong><\/th><th class=\"has-text-align-left\" data-align=\"left\"><strong>ACL placeholder<\/strong><\/th><\/tr><\/thead><tbody><tr><td class=\"has-text-align-left\" data-align=\"left\"><code>oid<\/code> (Entra) \/ <code>sub<\/code> (generic)<\/td><td class=\"has-text-align-left\" data-align=\"left\"><code>JWT_PRINCIPAL_CLAIM<\/code><\/td><td class=\"has-text-align-left\" data-align=\"left\"><code>{username}<\/code><\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\"><code>azp <\/code>\/ <code>appid<\/code> (Entra)<\/td><td class=\"has-text-align-left\" data-align=\"left\"><code>JWT_ORGANIZATION_CLAIM<\/code><\/td><td class=\"has-text-align-left\" data-align=\"left\"><code>{organization}<\/code><\/td><\/tr><tr><td class=\"has-text-align-left\" data-align=\"left\"><code>roles<\/code> (Entra) \/ <code>groups<\/code> (generic)<\/td><td class=\"has-text-align-left\" data-align=\"left\"><code>JWT_GROUPS_CLAIM_NAME<\/code><\/td><td class=\"has-text-align-left\" data-align=\"left\"><code>{group}<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n<p class=\"wp-block-paragraph\">Una regola come <code>t\/{organization}\/{username}\/#<\/code> limita automaticamente un client a un prefisso topic costruito dall&#8217;app chiamante e dal suo object ID stabile, senza necessit\u00e0 di livelli di mapping aggiuntivi<\/p>\n\n<h2 class=\"wp-block-heading\">Rinnovo dei token senza interrompere la sessione<\/h2>\n\n<p class=\"wp-block-paragraph\">I token di Entra ID hanno una durata di circa un&#8217;ora. Se i tuoi client MQTT si riconnettono ogni ora per rinnovare i token, perdi tutto lo stato della sessione che non era stato persistito e devi pagare il costo di una nuova sottoscrizione a ogni topic attivo. Per sessioni di lunga durata su dispositivi con risorse limitate, il costo \u00e8 elevato.  <\/p>\n\n<p class=\"wp-block-paragraph\">MQTT v5 ha una soluzione: Enhanced Authentication. Il token viaggia nelle propriet\u00e0 <code>Authentication Method<\/code> e <code>Authentication Data<\/code>del pacchetto CONNECT, invece che in <code>User Name<\/code> e <code>Password.<\/code>. Waterstream 1.7 la supporta, con <code>JWT<\/code> come unico metodo attualmente registrato: <\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"768\" height=\"314\" src=\"https:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0_CONNECT.png\" alt=\"\" class=\"wp-image-7515\" style=\"width:487px;height:auto\" srcset=\"https:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0_CONNECT.png 768w, https:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0_CONNECT-300x123.png 300w\" sizes=\"(max-width: 768px) 100vw, 768px\" \/><\/figure>\n<\/div>\n<p class=\"wp-block-paragraph\">Il flusso legacy<code>User Name = JWT \/ Password = &lt;token&gt;<\/code> funziona ancora ed \u00e8 l&#8217;unica opzione per i client MQTT 3.1.1.<\/p>\n\n<p class=\"wp-block-paragraph\">La ri-autenticazione in sessione \u00e8 il punto centrale. Un client v5 che si \u00e8 connesso con Enhanced Authentication pu\u00f2 inviare un pacchetto <code>AUTH<\/code> in qualsiasi momento con un token aggiornato. Waterstream valida il nuovo token, conferma il pacchetto e la sessione prosegue senza interruzioni, con il timer di scadenza aggiornato all&#8217;<code>exp<\/code>del nuovo token. Le sottoscrizioni rimangono attive. I messaggi QoS 1 e 2 in transito non vanno persi. La connessione TCP non viene toccata.     <\/p>\n\n<p class=\"wp-block-paragraph\">Attiva la ri-autenticazione al 75\u201380% della durata del token corrente, in modo che il rinnovo avvenga prima che il broker verifichi nuovamente la scadenza. Se una ri-autenticazione fallisce, il broker disconnette la sessione e include una propriet\u00e0 <code>Reason String<\/code> utile da registrare sul lato client. <\/p>\n\n<h2 class=\"wp-block-heading\">Ulteriori informazioni<\/h2>\n\n<p class=\"wp-block-paragraph\">Il riferimento completo alla configurazione si trova nella <a href=\"https:\/\/docs.waterstream.io\/1.6.0\/configGuide.html#\" target=\"_blank\" rel=\"noreferrer noopener\">sezione Autenticazione della guida alla configurazione<\/a>, con esempi pratici per il flusso JWKS generico e per Entra ID. La sezione MQTT v5 Enhanced Authentication include snippet per i client Eclipse Paho e HiveMQ relativi ai flussi CONNECT e <code>reauth<\/code>. <\/p>\n\n<p class=\"wp-block-paragraph\"><strong>Waterstream 1.7.0 \u00e8 disponibile ora.<\/strong> <a href=\"https:\/\/waterstream.io\/it\/prova-waterstream\/\" target=\"_blank\" rel=\"noreferrer noopener\">Richiedi una licenza di sviluppo <\/a>e configura il broker con il tuo tenant Entra ID, oppure<a href=\"https:\/\/waterstream.io\/it\/contact\/\" target=\"_blank\" rel=\"noreferrer noopener\"> contatta un architect <\/a>se preferisci rivedere insieme il flusso di autenticazione.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Waterstream 1.7.0 verifica i JWT tramite un endpoint JWKS, con una scorciatoia in una riga per Azure Entra ID. L&#8217;autenticazione avanzata MQTT v5 (Enhanced Authentication) permette a una sessione di lunga durata di rinnovare i token senza disconnettersi. Prima della versione 1.7.0, configurare l&#8217;autenticazione JWT significava fissare una singola chiave di firma nella configurazione del [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":7510,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[137,128,130],"tags":[],"class_list":["post-7519","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-iot-it","category-kafka","category-mqtt-it","entry","has-media"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Waterstream 1.7.0: Autenticazione dei client MQTT con Entra ID - Waterstream.io | Simplify MQTT Data Integration<\/title>\n<meta name=\"description\" content=\"Waterstream 1.7.0 introduce l&#039;autenticazione dinamica tramite Azure Entra ID. Metti in sicurezza la tua infrastruttura IoT aziendale con la rotazione live delle chiavi JWKS.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/waterstream.io\/it\/2026\/06\/17\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\/\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Waterstream 1.7.0\" \/>\n<meta property=\"og:description\" content=\"Waterstream 1.7.0 introduce l&#039;autenticazione dinamica tramite Azure Entra ID. Metti in sicurezza la tua infrastruttura IoT aziendale con la rotazione live delle chiavi JWKS.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/waterstream.io\/it\/2026\/06\/17\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\/\" \/>\n<meta property=\"og:site_name\" content=\"Waterstream.io | Simplify MQTT Data Integration\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-17T15:17:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-17T15:29:57+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0.jpg\" \/>\n<meta name=\"author\" content=\"Waterstream\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Waterstream 1.7.0\" \/>\n<meta name=\"twitter:description\" content=\"Waterstream 1.7.0 introduce l&#039;autenticazione dinamica tramite Azure Entra ID. Metti in sicurezza la tua infrastruttura IoT aziendale con la rotazione live delle chiavi JWKS.\" \/>\n<meta name=\"twitter:image\" content=\"http:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"Waterstream\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/waterstream.io\\\/it\\\/2026\\\/06\\\/17\\\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/waterstream.io\\\/it\\\/2026\\\/06\\\/17\\\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\\\/\"},\"author\":{\"name\":\"Waterstream\",\"@id\":\"https:\\\/\\\/waterstream.io\\\/it\\\/#\\\/schema\\\/person\\\/c8471336c17e2ecc8c51e1d584b3ec47\"},\"headline\":\"Waterstream 1.7.0: Autenticazione dei client MQTT con Entra ID\",\"datePublished\":\"2026-06-17T15:17:21+00:00\",\"dateModified\":\"2026-06-17T15:29:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/waterstream.io\\\/it\\\/2026\\\/06\\\/17\\\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\\\/\"},\"wordCount\":667,\"publisher\":{\"@id\":\"https:\\\/\\\/waterstream.io\\\/it\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/waterstream.io\\\/it\\\/2026\\\/06\\\/17\\\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/waterstream.io\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/Waterstream-1.7.0.jpg\",\"articleSection\":[\"IoT\",\"Kafka\",\"MQTT\"],\"inLanguage\":\"it-IT\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/waterstream.io\\\/it\\\/2026\\\/06\\\/17\\\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\\\/\",\"url\":\"https:\\\/\\\/waterstream.io\\\/it\\\/2026\\\/06\\\/17\\\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\\\/\",\"name\":\"Waterstream 1.7.0: Autenticazione dei client MQTT con Entra ID - Waterstream.io | Simplify MQTT Data Integration\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/waterstream.io\\\/it\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/waterstream.io\\\/it\\\/2026\\\/06\\\/17\\\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/waterstream.io\\\/it\\\/2026\\\/06\\\/17\\\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/waterstream.io\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/Waterstream-1.7.0.jpg\",\"datePublished\":\"2026-06-17T15:17:21+00:00\",\"dateModified\":\"2026-06-17T15:29:57+00:00\",\"description\":\"Waterstream 1.7.0 introduce l'autenticazione dinamica tramite Azure Entra ID. Metti in sicurezza la tua infrastruttura IoT aziendale con la rotazione live delle chiavi JWKS.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/waterstream.io\\\/it\\\/2026\\\/06\\\/17\\\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\\\/#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/waterstream.io\\\/it\\\/2026\\\/06\\\/17\\\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/waterstream.io\\\/it\\\/2026\\\/06\\\/17\\\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\\\/#primaryimage\",\"url\":\"https:\\\/\\\/waterstream.io\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/Waterstream-1.7.0.jpg\",\"contentUrl\":\"https:\\\/\\\/waterstream.io\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/Waterstream-1.7.0.jpg\",\"width\":900,\"height\":600,\"caption\":\"Waterstream 1.7.0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/waterstream.io\\\/it\\\/2026\\\/06\\\/17\\\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/waterstream.io\\\/it\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Waterstream 1.7.0: Autenticazione dei client MQTT con Entra ID\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/waterstream.io\\\/it\\\/#website\",\"url\":\"https:\\\/\\\/waterstream.io\\\/it\\\/\",\"name\":\"Waterstream.io | Simplify MQTT Data Integration\",\"description\":\"High performance MQTT Broker\",\"publisher\":{\"@id\":\"https:\\\/\\\/waterstream.io\\\/it\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/waterstream.io\\\/it\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/waterstream.io\\\/it\\\/#organization\",\"name\":\"Waterstream.io | Simplify MQTT Data Integration\",\"url\":\"https:\\\/\\\/waterstream.io\\\/it\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/waterstream.io\\\/it\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/waterstream.io\\\/wp-content\\\/uploads\\\/2022\\\/05\\\/WaterStream-Logo-Color.png\",\"contentUrl\":\"https:\\\/\\\/waterstream.io\\\/wp-content\\\/uploads\\\/2022\\\/05\\\/WaterStream-Logo-Color.png\",\"width\":500,\"height\":117,\"caption\":\"Waterstream.io | Simplify MQTT Data Integration\"},\"image\":{\"@id\":\"https:\\\/\\\/waterstream.io\\\/it\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/waterstream.io\\\/it\\\/#\\\/schema\\\/person\\\/c8471336c17e2ecc8c51e1d584b3ec47\",\"name\":\"Waterstream\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/774b720bde6b29089269455bc31ecae3028eec39cff2333372e13d755f2f5391?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/774b720bde6b29089269455bc31ecae3028eec39cff2333372e13d755f2f5391?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/774b720bde6b29089269455bc31ecae3028eec39cff2333372e13d755f2f5391?s=96&d=mm&r=g\",\"caption\":\"Waterstream\"},\"url\":\"https:\\\/\\\/waterstream.io\\\/it\\\/author\\\/waterstream\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Waterstream 1.7.0: Autenticazione dei client MQTT con Entra ID - Waterstream.io | Simplify MQTT Data Integration","description":"Waterstream 1.7.0 introduce l'autenticazione dinamica tramite Azure Entra ID. Metti in sicurezza la tua infrastruttura IoT aziendale con la rotazione live delle chiavi JWKS.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/waterstream.io\/it\/2026\/06\/17\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\/","og_locale":"it_IT","og_type":"article","og_title":"Waterstream 1.7.0","og_description":"Waterstream 1.7.0 introduce l'autenticazione dinamica tramite Azure Entra ID. Metti in sicurezza la tua infrastruttura IoT aziendale con la rotazione live delle chiavi JWKS.","og_url":"https:\/\/waterstream.io\/it\/2026\/06\/17\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\/","og_site_name":"Waterstream.io | Simplify MQTT Data Integration","article_published_time":"2026-06-17T15:17:21+00:00","article_modified_time":"2026-06-17T15:29:57+00:00","og_image":[{"url":"http:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0.jpg","type":"","width":"","height":""}],"author":"Waterstream","twitter_card":"summary_large_image","twitter_title":"Waterstream 1.7.0","twitter_description":"Waterstream 1.7.0 introduce l'autenticazione dinamica tramite Azure Entra ID. Metti in sicurezza la tua infrastruttura IoT aziendale con la rotazione live delle chiavi JWKS.","twitter_image":"http:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0.jpg","twitter_misc":{"Scritto da":"Waterstream","Tempo di lettura stimato":"4 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/waterstream.io\/it\/2026\/06\/17\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\/#article","isPartOf":{"@id":"https:\/\/waterstream.io\/it\/2026\/06\/17\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\/"},"author":{"name":"Waterstream","@id":"https:\/\/waterstream.io\/it\/#\/schema\/person\/c8471336c17e2ecc8c51e1d584b3ec47"},"headline":"Waterstream 1.7.0: Autenticazione dei client MQTT con Entra ID","datePublished":"2026-06-17T15:17:21+00:00","dateModified":"2026-06-17T15:29:57+00:00","mainEntityOfPage":{"@id":"https:\/\/waterstream.io\/it\/2026\/06\/17\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\/"},"wordCount":667,"publisher":{"@id":"https:\/\/waterstream.io\/it\/#organization"},"image":{"@id":"https:\/\/waterstream.io\/it\/2026\/06\/17\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\/#primaryimage"},"thumbnailUrl":"https:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0.jpg","articleSection":["IoT","Kafka","MQTT"],"inLanguage":"it-IT"},{"@type":"WebPage","@id":"https:\/\/waterstream.io\/it\/2026\/06\/17\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\/","url":"https:\/\/waterstream.io\/it\/2026\/06\/17\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\/","name":"Waterstream 1.7.0: Autenticazione dei client MQTT con Entra ID - Waterstream.io | Simplify MQTT Data Integration","isPartOf":{"@id":"https:\/\/waterstream.io\/it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/waterstream.io\/it\/2026\/06\/17\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\/#primaryimage"},"image":{"@id":"https:\/\/waterstream.io\/it\/2026\/06\/17\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\/#primaryimage"},"thumbnailUrl":"https:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0.jpg","datePublished":"2026-06-17T15:17:21+00:00","dateModified":"2026-06-17T15:29:57+00:00","description":"Waterstream 1.7.0 introduce l'autenticazione dinamica tramite Azure Entra ID. Metti in sicurezza la tua infrastruttura IoT aziendale con la rotazione live delle chiavi JWKS.","breadcrumb":{"@id":"https:\/\/waterstream.io\/it\/2026\/06\/17\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/waterstream.io\/it\/2026\/06\/17\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\/"]}]},{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/waterstream.io\/it\/2026\/06\/17\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\/#primaryimage","url":"https:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0.jpg","contentUrl":"https:\/\/waterstream.io\/wp-content\/uploads\/2026\/06\/Waterstream-1.7.0.jpg","width":900,"height":600,"caption":"Waterstream 1.7.0"},{"@type":"BreadcrumbList","@id":"https:\/\/waterstream.io\/it\/2026\/06\/17\/waterstream-1-7-0-authenticating-mqtt-clients-with-entra-id\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/waterstream.io\/it\/"},{"@type":"ListItem","position":2,"name":"Waterstream 1.7.0: Autenticazione dei client MQTT con Entra ID"}]},{"@type":"WebSite","@id":"https:\/\/waterstream.io\/it\/#website","url":"https:\/\/waterstream.io\/it\/","name":"Waterstream.io | Simplify MQTT Data Integration","description":"High performance MQTT Broker","publisher":{"@id":"https:\/\/waterstream.io\/it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/waterstream.io\/it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Organization","@id":"https:\/\/waterstream.io\/it\/#organization","name":"Waterstream.io | Simplify MQTT Data Integration","url":"https:\/\/waterstream.io\/it\/","logo":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/waterstream.io\/it\/#\/schema\/logo\/image\/","url":"https:\/\/waterstream.io\/wp-content\/uploads\/2022\/05\/WaterStream-Logo-Color.png","contentUrl":"https:\/\/waterstream.io\/wp-content\/uploads\/2022\/05\/WaterStream-Logo-Color.png","width":500,"height":117,"caption":"Waterstream.io | Simplify MQTT Data Integration"},"image":{"@id":"https:\/\/waterstream.io\/it\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/waterstream.io\/it\/#\/schema\/person\/c8471336c17e2ecc8c51e1d584b3ec47","name":"Waterstream","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/secure.gravatar.com\/avatar\/774b720bde6b29089269455bc31ecae3028eec39cff2333372e13d755f2f5391?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/774b720bde6b29089269455bc31ecae3028eec39cff2333372e13d755f2f5391?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/774b720bde6b29089269455bc31ecae3028eec39cff2333372e13d755f2f5391?s=96&d=mm&r=g","caption":"Waterstream"},"url":"https:\/\/waterstream.io\/it\/author\/waterstream\/"}]}},"_links":{"self":[{"href":"https:\/\/waterstream.io\/it\/wp-json\/wp\/v2\/posts\/7519","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/waterstream.io\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/waterstream.io\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/waterstream.io\/it\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/waterstream.io\/it\/wp-json\/wp\/v2\/comments?post=7519"}],"version-history":[{"count":1,"href":"https:\/\/waterstream.io\/it\/wp-json\/wp\/v2\/posts\/7519\/revisions"}],"predecessor-version":[{"id":7520,"href":"https:\/\/waterstream.io\/it\/wp-json\/wp\/v2\/posts\/7519\/revisions\/7520"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/waterstream.io\/it\/wp-json\/wp\/v2\/media\/7510"}],"wp:attachment":[{"href":"https:\/\/waterstream.io\/it\/wp-json\/wp\/v2\/media?parent=7519"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/waterstream.io\/it\/wp-json\/wp\/v2\/categories?post=7519"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/waterstream.io\/it\/wp-json\/wp\/v2\/tags?post=7519"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}