The conclusion of issue #398 was that the Server shouldn't require usernames to match in a session takeover; instead an OnConnectAuthenticate hook should do this if desired, i.e. rejecting the login if the clientID matches a persistent session but the username does not.
However, the OnConnectAuthenticate hook cannot specify an error code; all it can do is return false, in which case the client is sent a "Not authorized" error. This is misleading: the error code implies the client credentials are incorrect, but instead it's the client ID that's incorrect. This could be really confusing for a developer, especially since it would likely be an intermittent problem.
The proper error code would be "Client Identifier not valid" or "Connection Refused, identifier rejected" -- if the client got that error instead, it would know to generate a different session ID and retry. Or at least the developer would have a better idea what's going on and how to fix it.
It seems the OnConnectAuthenticate hook should be extended so it can return different error codes. But changing the return type would break API compatibility. I don't know what approach would be best. Maybe define a new hook method OnConnectAuthenticate2 with a different signature, and have Server call that one instead if it's provided?
| Hex | Reason Code name | Packet |
| --- | --- | --- |
| 0x85 | Client Identifier not valid | CONNACK |
| 0x86 | Bad User Name or Password | CONNACK |
| 0x87 | Not authorized | CONNACK, PUBACK, PUBREC, SUBACK, UNSUBACK, DISCONNECT |
If we add a hook, for example, called OnConnectAuthenticateWithErr(), the error returned by the hook must correspond to one of the Reason Codes described in the spec. However, it's difficult to ensure that users of this hook will fully understand and return the correct Reason Codes.
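An added example, not code from this issue or from the project's own hook API, of what an error-returning hook like the one sketched above could look like. It assumes a hypothetical `AuthHook` signature and a `ReasonError` type, restricts the codes the server will echo to the three CONNACK codes quoted in the thread, and falls back to 0x87 for anything else, so a hook that returns a wrong or non-CONNACK code cannot put an invalid reason on the wire:

```go
package main

import (
	"errors"
	"fmt"
)

// MQTT v5 CONNACK reason codes quoted in the discussion above.
const (
	ReasonClientIDNotValid byte = 0x85 // Client Identifier not valid
	ReasonBadUserNameOrPwd byte = 0x86 // Bad User Name or Password
	ReasonNotAuthorized    byte = 0x87 // Not authorized
)

// ReasonError carries a CONNACK reason code back from the hook (hypothetical type).
type ReasonError struct{ Code byte }

func (e *ReasonError) Error() string { return fmt.Sprintf("connect refused: reason 0x%02X", e.Code) }

// AuthHook is a hypothetical error-returning replacement for a bool-returning auth hook.
type AuthHook func(clientID, username string) error

// ConnackReasonFor maps whatever the hook returned to a code the server may send:
// nil -> success (0x00); a ReasonError whose code is valid for CONNACK -> that code;
// any other error -> 0x87, so a mistaken code never reaches the client.
func ConnackReasonFor(err error) byte {
	if err == nil {
		return 0
	}
	var re *ReasonError
	if errors.As(err, &re) {
		switch re.Code {
		case ReasonClientIDNotValid, ReasonBadUserNameOrPwd, ReasonNotAuthorized:
			return re.Code
		}
	}
	return ReasonNotAuthorized
}

// TakeoverGuard builds the hook described in the issue: a connect whose client ID matches a
// persistent session owned by a different username is refused with 0x85 rather than 0x87.
// sessions maps client ID -> username that owns the persistent session.
func TakeoverGuard(sessions map[string]string) AuthHook {
	return func(clientID, username string) error {
		if owner, ok := sessions[clientID]; ok && owner != username {
			return &ReasonError{Code: ReasonClientIDNotValid}
		}
		return nil
	}
}

func main() {
	hook := TakeoverGuard(map[string]string{"sensor-1": "alice"}) // constructed sample session table
	for _, c := range []struct{ id, user string }{{"sensor-1", "alice"}, {"sensor-1", "bob"}, {"sensor-2", "bob"}} {
		fmt.Printf("%s/%s -> 0x%02X\n", c.id, c.user, ConnackReasonFor(hook(c.id, c.user)))
	}
}
```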