* Use OAuth2 for HTTP API access. Thanks @MarcialRosales

Author: lukebakken

projects/Test/OAuth2/OAuth2Options.cs

@@ -96,7 +96,7 @@ public override string ClientId
             {
                 return _mode switch
                 {
-                    Mode.uaa => "rabbit_client_code",
+                    Mode.uaa => "mgt_api_client",
                     Mode.keycloak => "mgt_api_client",
                     _ => throw new InvalidOperationException(),
                 };
@@ -109,7 +109,7 @@ public override string ClientSecret
             {
                 return _mode switch
                 {
-                    Mode.uaa => "rabbit_client_code",
+                    Mode.uaa => "mgt_api_client",
                     Mode.keycloak => "LWOuYqJ8gjKg3D2U8CJZDuID3KiRZVDa",
                     _ => throw new InvalidOperationException(),
                 };

projects/Test/OAuth2/TestOAuth2.cs

@@ -51,8 +51,7 @@ public class TestOAuth2 : IAsyncLifetime
         private readonly IConnectionFactory _connectionFactory;
         private readonly int _tokenExpiresInSeconds;
         private readonly OAuth2ClientCredentialsProvider _producerCredentialsProvider;
-        // TODO rabbitmq-dotnet-client-1639
-        // private readonly OAuth2ClientCredentialsProvider _httpApiCredentialsProvider;
+        private readonly OAuth2ClientCredentialsProvider _httpApiCredentialsProvider;
         private readonly CancellationTokenSource _cancellationTokenSource = new CancellationTokenSource();
 
         private IConnection? _connection;
@@ -68,9 +67,8 @@ public TestOAuth2(ITestOutputHelper testOutputHelper)
             var producerOptions = new OAuth2ProducerOptions(mode);
             _producerCredentialsProvider = GetCredentialsProvider(producerOptions);
 
-            // TODO rabbitmq-dotnet-client-1639
-            // var httpApiOptions = new OAuth2HttpApiOptions(mode);
-            // _httpApiCredentialsProvider = GetCredentialsProvider(httpApiOptions);
+            var httpApiOptions = new OAuth2HttpApiOptions(mode);
+            _httpApiCredentialsProvider = GetCredentialsProvider(httpApiOptions);
 
             _connectionFactory = new ConnectionFactory
             {
@@ -176,10 +174,8 @@ public async void IntegrationTest()
                                 async Task CloseConnection()
                                 {
                                     Assert.NotNull(_connection);
-                                    // TODO rabbitmq-dotnet-client-1639
-                                    // Credentials httpApiCredentials = await _httpApiCredentialsProvider.GetCredentialsAsync();
-                                    // closeConnectionUtil = new Util("mgt_api_client", httpApiCredentials.Password);
-                                    closeConnectionUtil = new Util(_testOutputHelper);
+                                    Credentials httpApiCredentials = await _httpApiCredentialsProvider.GetCredentialsAsync();
+                                    closeConnectionUtil = new Util(_testOutputHelper, "mgt_api_client", httpApiCredentials.Password);
                                     await closeConnectionUtil.CloseConnectionAsync(_connection.ClientProvidedName);
                                 }
 
@@ -192,12 +188,12 @@ async Task CloseConnection()
                             {
                                 await closeConnectionTask;
                                 closeConnectionTask = null;
-                            }
 
-                            if (closeConnectionUtil != null)
-                            {
-                                closeConnectionUtil.Dispose();
-                                closeConnectionUtil = null;
+                                if (closeConnectionUtil != null)
+                                {
+                                    closeConnectionUtil.Dispose();
+                                    closeConnectionUtil = null;
+                                }
                             }
 
                             _testOutputHelper.WriteLine("{0} [INFO] Resuming ...", DateTime.Now);

projects/Test/OAuth2/keycloak/import/test-realm.json

@@ -508,7 +508,7 @@
     "credentials" : [ ],
     "disableableCredentialTypes" : [ ],
     "requiredActions" : [ ],
-    "realmRoles" : [ "default-roles-test", "rabbitmq-management", "rabbitmq.tag:management" ],
+    "realmRoles" : [ "default-roles-test", "rabbitmq-management", "rabbitmq.tag:administrator" ],
     "notBefore" : 0,
     "groups" : [ ]
   }, {

projects/Test/OAuth2/keycloak/rabbitmq.conf

@@ -1,8 +1,7 @@
 log.console = true
 log.console.level = debug
 
-auth_backends.1 = internal
-auth_backends.2 = oauth2
+auth_backends.1 = oauth2
 
 auth_oauth2.resource_server_id = rabbitmq
 auth_oauth2.preferred_username_claims.1 = username

projects/Test/OAuth2/uaa/rabbitmq.conf

@@ -1,8 +1,7 @@
 log.console = true
 log.console.level = debug
 
-auth_backends.1 = internal
-auth_backends.2 = oauth2
+auth_backends.1 = oauth2
 
 management.oauth_enabled = true
 management.oauth_client_id = rabbit_client_code

projects/Test/OAuth2/uaa/uaa.yml

@@ -125,7 +125,7 @@ oauth:
       id: mgt_api_client
       secret: mgt_api_client
       authorized-grant-types: client_credentials
-      authorities: rabbitmq.tag:monitoring
+      authorities: rabbitmq.tag:administrator
     rabbit_client_code:
       id: rabbit_client_code
       secret: rabbit_client_code