   Client      Broker
   |             |
   |<===========>| TLS connection setup
   |             |
   |             |
   +------------>| CONNECT with Authentication Data
   |             | contains only token
   |             |
   <-------------+ AUTH 0x18 (Cont. Authentication)
   |             | 8-byte RS nonce as challenge
   |             |
   |------------>| AUTH 0x18 (Cont. Authentication)
   |             | 8-byte Client nonce + signature/MAC
   |             |
   |             |---+ Token validation
   |             |   | (may involve introspection)
   |             |<--+
   |             |
   |<------------+ CONNACK 0x00 (Success)
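The challenge/response exchange in the diagram, as an added example that is not part of the original page. Assumptions: the MAC is HMAC-SHA256 keyed with the proof-of-possession key bound to the token and computed over the RS nonce followed by the client nonce, a token-to-key table stands in for token validation, and a failed check is answered with the MQTT v5 reason code 0x87 (Not authorized).

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 8          # both nonces are 8 bytes in the diagram
MAC_LEN = 32           # HMAC-SHA256 output (assumed MAC algorithm)
SUCCESS, NOT_AUTHORIZED = 0x00, 0x87


def client_response(pop_key: bytes, rs_nonce: bytes) -> bytes:
    """Client side: Authentication Data for the second AUTH 0x18 packet."""
    client_nonce = secrets.token_bytes(NONCE_LEN)
    mac = hmac.new(pop_key, rs_nonce + client_nonce, hashlib.sha256).digest()
    return client_nonce + mac


class Broker:
    def __init__(self, pop_keys: dict):
        self.pop_keys = pop_keys   # token -> PoP key (stand-in for token validation)
        self.pending = {}          # connection id -> (token, RS nonce)

    def on_connect(self, conn_id, token) -> bytes:
        """CONNECT carried only the token: issue a fresh challenge."""
        rs_nonce = secrets.token_bytes(NONCE_LEN)
        self.pending[conn_id] = (token, rs_nonce)
        return rs_nonce

    def on_auth(self, conn_id, auth_data: bytes) -> int:
        """Verify the client's AUTH packet and return the CONNACK reason code."""
        state = self.pending.pop(conn_id, None)   # a challenge is usable once
        if state is None or len(auth_data) != NONCE_LEN + MAC_LEN:
            return NOT_AUTHORIZED
        token, rs_nonce = state
        key = self.pop_keys.get(token)
        if key is None:                            # unknown or invalid token
            return NOT_AUTHORIZED
        client_nonce, mac = auth_data[:NONCE_LEN], auth_data[NONCE_LEN:]
        expected = hmac.new(key, rs_nonce + client_nonce, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many MAC bytes matched.
        return SUCCESS if hmac.compare_digest(mac, expected) else NOT_AUTHORIZED


if __name__ == "__main__":
    key = secrets.token_bytes(32)                  # constructed sample key
    broker = Broker({"sample-token": key})         # constructed sample token
    challenge = broker.on_connect("conn-1", "sample-token")
    print(hex(broker.on_auth("conn-1", client_response(key, challenge))))
```

Because the broker discards the RS nonce after one verification attempt and issues a new one per CONNECT, a captured AUTH response cannot be replayed on another connection.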