Two-way integration - how?

We operate a multi tenant chirpstack installation. Multiple organisations with multiple users and applications each.

How do you guys make two-way integrations? By two-way I mean Integrations that can be used for both uplink and downlink messages.

With the HTTP, influxdb and thingsboard integrations only uplink traffic is possible.
This must then be combined with calls to the API to inject downlink messages. Unfortunately these calls are authorized on the user level, where as the uplink integration is on the application level.
This leads to an unwanted asymmetry.

An other option, and what we currently do, is to give access to the underlying mosquitto and make the application integrations using MQTT. This is nice and symmetric but requires a little configuration done by an server admin. create a mosquitto user and add an ACL allowing traffic to and from a particular application.

I would much have preferred something that the users could set up by them self.

I have asked this question a few times over the years, but would like to hear if any of you have some new thoughts on this.

To me the obvious answer is still that chirpstack is missing MQTT as an option in the integration menu. Brocaar can I get an quote on implementing that?

We handle all our user authentication and access control at our application/platform level, which sits a layer above ChirpStack. As you’ve noted, there is asymmetry here. ChirpStack user controls are also fairly rudimentary for what we would need as a platform.

Our case may be less common, though, as ChirpStack is 1 of 4 hardware ingest (and egest) methods that our platform supports, so we’re not strictly wrapping LoRaWAN functionality.