MQTT (Message Queuing Telemetry Transport) is a very commonly used protocol in the microservices and IoT world. Many current IoT devices connect the message broker with the TLS connection, which provides confidentiality, and data integrity. But, it cannot prevent attackers from extracting the login credential from the IoT device and attack the broker by sending a carefully designed request to the message broker. In this project, I made some changes to the authorization and authentication functions to be able to solve some security concerns. I made a web-based management application to be able to friendly modify device credentials, roles, and permissions.