WIP More refactoring

split rabbit_oauth2_config into
- rabbit_oauth2_resource_server
- rabbit_oauth2_oauth_provider

and their respective test modules

Signing keys is an oauth provider
concern hence it stays with the
oauth_provider module.

Author: MarcialRosales

deps/rabbitmq_auth_backend_oauth2/BUILD.bazel

@@ -113,7 +113,7 @@ rabbitmq_integration_suite(
 )
 
 rabbitmq_integration_suite(
-    name = "rabbit_oauth2_config_SUITE",
+    name = "rabbit_oauth2_oauth_provider_SUITE",
     additional_beam = [
         "test/oauth2_http_mock.beam",
     ],
@@ -122,6 +122,10 @@ rabbitmq_integration_suite(
     ],
 )
 
+rabbitmq_integration_suite(
+    name = "rabbit_oauth2_resource_server_SUITE"
+)
+
 rabbitmq_integration_suite(
     name = "jwks_SUITE",
     additional_beam = [

deps/rabbitmq_auth_backend_oauth2/app.bzl

@@ -13,7 +13,8 @@ def all_beam_files(name = "all_beam_files"):
             "src/Elixir.RabbitMQ.CLI.Ctl.Commands.AddUaaKeyCommand.erl",
             "src/rabbit_auth_backend_oauth2.erl",
             "src/rabbit_auth_backend_oauth2_app.erl",
-            "src/rabbit_oauth2_config.erl",
+            "src/rabbit_oauth2_oauth_provider.erl",
+            "src/rabbit_oauth2_resource_server.erl",
             "src/rabbit_oauth2_schema.erl",
             "src/rabbit_oauth2_scope.erl",
             "src/uaa_jwks.erl",
@@ -48,7 +49,8 @@ def all_test_beam_files(name = "all_test_beam_files"):
             "src/Elixir.RabbitMQ.CLI.Ctl.Commands.AddUaaKeyCommand.erl",
             "src/rabbit_auth_backend_oauth2.erl",
             "src/rabbit_auth_backend_oauth2_app.erl",
-            "src/rabbit_oauth2_config.erl",
+            "src/rabbit_oauth2_resource_server.erl",
+            "src/rabbit_oauth2_oauth_provider.erl",
             "src/rabbit_oauth2_schema.erl",
             "src/rabbit_oauth2_scope.erl",
             "src/uaa_jwks.erl",
@@ -85,6 +87,7 @@ def all_srcs(name = "all_srcs"):
     )
     filegroup(
         name = "public_hdrs",
+        srcs = ["include/oauth2.hrl"],
     )
 
     filegroup(
@@ -94,7 +97,8 @@ def all_srcs(name = "all_srcs"):
             "src/Elixir.RabbitMQ.CLI.Ctl.Commands.AddUaaKeyCommand.erl",
             "src/rabbit_auth_backend_oauth2.erl",
             "src/rabbit_auth_backend_oauth2_app.erl",
-            "src/rabbit_oauth2_config.erl",
+            "src/rabbit_oauth2_oauth_provider.erl",
+            "src/rabbit_oauth2_resource_server.erl",
             "src/rabbit_oauth2_schema.erl",
             "src/rabbit_oauth2_scope.erl",
             "src/uaa_jwks.erl",
@@ -236,10 +240,19 @@ def test_suite_beam_files(name = "test_suite_beam_files"):
         erlc_opts = "//:test_erlc_opts",
     )
     erlang_bytecode(
-        name = "rabbit_oauth2_config_SUITE_beam_files",
+        name = "rabbit_oauth2_oauth_provider_SUITE_beam_files",
         testonly = True,
-        srcs = ["test/rabbit_oauth2_config_SUITE.erl"],
-        outs = ["test/rabbit_oauth2_config_SUITE.beam"],
+        srcs = ["test/rabbit_oauth2_oauth_provider_SUITE.erl"],
+        outs = ["test/rabbit_oauth2_oauth_provider_SUITE.beam"],
+        app_name = "rabbitmq_auth_backend_oauth2",
+        erlc_opts = "//:test_erlc_opts",
+        deps = ["//deps/oauth2_client:erlang_app"],
+    )
+    erlang_bytecode(
+        name = "rabbit_oauth2_resource_server_SUITE_beam_files",
+        testonly = True,
+        srcs = ["test/rabbit_oauth2_resource_server_SUITE.erl"],
+        outs = ["test/rabbit_oauth2_resource_server_SUITE.beam"],
         app_name = "rabbitmq_auth_backend_oauth2",
         erlc_opts = "//:test_erlc_opts",
         deps = ["//deps/oauth2_client:erlang_app"],

deps/rabbitmq_auth_backend_oauth2/include/oauth2.hrl

@@ -0,0 +1,35 @@
+%% This Source Code Form is subject to the terms of the Mozilla Public
+%% License, v. 2.0. If a copy of the MPL was not distributed with this
+%% file, You can obtain one at https://mozilla.org/MPL/2.0/.
+%%
+%% Copyright (c) 2020-2023 VMware, Inc. or its affiliates.  All rights reserved.
+%%
+
+
+-include_lib("oauth2_client/include/oauth2_client.hrl").
+
+-define(DEFAULT_PREFERRED_USERNAME_CLAIMS, [<<"sub">>, <<"client_id">>]).
+
+-define(TOP_RESOURCE_SERVER_ID, application:get_env(?APP, resource_server_id)).
+%% scope aliases map "role names" to a set of scopes
+
+-record(internal_oauth_provider, {
+    id :: oauth_provider_id(),
+    default_key :: binary() | undefined,
+    algorithms :: list() | undefined
+}).
+-type internal_oauth_provider() :: #internal_oauth_provider{}.
+
+-record(resource_server, {
+  id :: resource_server_id(),
+  resource_server_type :: binary(),
+  verify_aud :: boolean(),
+  scope_prefix :: binary(),
+  additional_scopes_key :: binary(),
+  preferred_username_claims :: list(),
+  scope_aliases :: undefined | map(),
+  oauth_provider_id :: oauth_provider_id()
+ }).
+
+-type resource_server() :: #resource_server{}.
+-type resource_server_id() :: binary() | list().