Could RabbitMQ use a simple mode OAuth 2.0 Service? #11810

TeraScienceIoT · 2024-07-24T10:19:15Z

TeraScienceIoT
Jul 24, 2024

We has a OAuth 2.0 backend which used to be backend to many applications.
It used to be a MQTT OAuth backend, receive the token and sign it.
One signed token example is :
{
"client_id": "620F3412-E273-48D3-864A-DA7F67B5B262",
"client_pub_key": "LLSZcG+cVSrwfjLjADCqEx2uyaNByZXdDLMbcb38koazutrV8GSy2eMJgZGXcFM4ZBdcT9eoV1+4+4ycYGzd8dwm5BeeoF4mGfg1UpzXvKwzg915hSxkhOnd6RLm0ZJmDSUGQcVEwwO/emoVjDxnlXAeArLDCvlR1bHsx0svSzE=@ZB1QrJ3qqJ8enSHSUdgQ7jxpBRdEASdc6y2K+UESX8YNkn4gwF9yX8g8i+lISs5LU7kdK3HDwz9UdAjrw9oPPpLtSshDxrWIh96i/tW9js8fYjIB3wKMflwXzz89F8DSATgVHGqw8IV0E8NnfRnbNvBhfj0km/e7NUV5tGtF/HQ=",
"sign_data": "FkRcF8SU06WHIhmxe8m8yCDckiNmI4DV+9n5z8ifR+Bm6rIA0sbckCDlMCjBenkCdQ/1gXyAA3JMWCqhZU3jKC6GeoyS4G/E9V6jxoWWtB8fOolho7q5HQYKei0e1pe257wlcGlg+jzGu/tZC0ti9jyu1yzMrnzQR8OQgBKLcVo=@XktMfSGoaBxfBCVes1TsIZPpNrBhWgmymibqy1R4oDx92wookKn7yKO8qLiHo+eecBg2BCiq8mKytxDT3bs8PJ1hMT0g8dhD73z7kAQxdYbY4Vk5a8FJhB5lqLcmrT8j/yim0ylSr0vsR2cVfRGS0b2XngeZlA9apP0nslbwWLQ=",
"data": ""
}

When post the signed to jwks url with access_token parameter , it returns HTTP 200.
Could I use it for RabbitMQ MQTT service as OAuth 2.0 backend? It do not provide any other things like signing keys and the token do not provide any otherthings like aud.
If yes, how could I configure RabbitMQ ?

Any advice will be appreciated.

Answered by michaelklishin

Aug 2, 2024

RabbitMQ's JWT token requirements are documented in the extensive OAuth 2 guide:

Prerequisites, which explicitly mentions the aud field and what it must match in RabbitMQ configuration
Scopes express the permissions your client has, so this field is not optional
Signing keys are not optional but they don't have to be provided in the configuration, RabbitMQ 3.13 can fetch them from an JWKS URL

RabbitMQ Core Team will not provide any support for deviating JWT tokens or OAuth 2/IDP setups.
Our OAuth 2 plugin supports five different identity providers with extensive documentation. Please pick one of those options or use a different authN/authZ backend, of which we also support multiple.

View full answer

michaelklishin · 2024-08-02T18:07:44Z

michaelklishin
Aug 2, 2024
Maintainer

RabbitMQ's JWT token requirements are documented in the extensive OAuth 2 guide:

Prerequisites, which explicitly mentions the aud field and what it must match in RabbitMQ configuration
Scopes express the permissions your client has, so this field is not optional
Signing keys are not optional but they don't have to be provided in the configuration, RabbitMQ 3.13 can fetch them from an JWKS URL

RabbitMQ Core Team will not provide any support for deviating JWT tokens or OAuth 2/IDP setups.
Our OAuth 2 plugin supports five different identity providers with extensive documentation. Please pick one of those options or use a different authN/authZ backend, of which we also support multiple.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Could RabbitMQ use a simple mode OAuth 2.0 Service? #11810

{{title}}

Replies: 1 comment

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

Could RabbitMQ use a simple mode OAuth 2.0 Service? #11810

TeraScienceIoT Jul 24, 2024

Replies: 1 comment

michaelklishin Aug 2, 2024 Maintainer

TeraScienceIoT
Jul 24, 2024

michaelklishin
Aug 2, 2024
Maintainer