Any chance of adding an RPC username and password field to the accounts page which, if completed passes these as rpc-creds so that we can use mdash UI with rpc locked down?
Let us see what’s the best way…
Apparently it is only you who needs that.
If I’m the only one then clearly no business case for this. Surprised nobody else is using RPC creds to prevent their device being controlled via RPC across a local network though…
Opening a device as a network service is risky, I guess that’s the main reason. The simplest is it keep a device as a client only.
I am also looking for this feature. I implemented authentication and authorization to secure my UART channel but now i am not able to call RPC from mdash.
Can you elaborate on how can somebody from local network call RPC?
I thought RPC is triggered via MQTT, and the only MQTT channel is towards cloud?
@i_papp The mdash client library for Arduino IDE or ESP-IDF support only MQTT as an RPC transport. Mongoose OS however supports more - including HTTP/Websocket, Serial, etc. Thus, an RPC handler could be invoked via a local network. Locally exposed RPC functions need authentication for security, which is implemented using Digest mechanism (similarly to the HTTP Digest auth). RPC services protected by Digest auth are not callable via the mDash UI, because UI does not yet means of specifying Digest username/password.