rabbitmq with rabbit_auth_backend_oauth2 plugin with AMQP1.0 auth problem #6875
sossnowski asked this question in Other
-
Consider using GitHub Discussions for questions, they have been around for well over a year. The same permission system is used by AMQP 1.0, MQTT and STOMP.
-
@MarcialRosales is there any chance you have tested OAuth2 with the AMQP 1.0 plugin?
-
I am using RabbitMQ and Keycloak with the RabbitMQ `rabbit_auth_backend_oauth2` plugin to authenticate users. In version 0.9 of the AMQP protocol it was done by the `scope` field in the token (in version 0.9, in the token I have `"scope": "rabbitmq.read:*/* rabbitmq.write:*/* rabbitmq.configure:*/*",`) and this was enough to grant access to the virtual host. So now in version 1.0, what is the equivalent of this key? How can I grant permission for a user to read and write from my RabbitMQ?

Logs in RabbitMQ now:
```
2023-01-13 10:08:30.817765+00:00 [info] <0.1010.0> accepting AMQP connection <0.1010.0> (172.18.0.1:37144 -> 172.18.0.3:5672)
2023-01-13 10:08:30.824108+00:00 [debug] <0.1010.0> Computing username from client's JWT token, client ID: 'undefined', sub: '63ec2047-6689-45c0-981d-f9b127a6bb7f'
2023-01-13 10:08:30.824277+00:00 [debug] <0.1010.0> User '63ec2047-6689-45c0-981d-f9b127a6bb7f' authenticated successfully by backend rabbit_auth_backend_oauth2
2023-01-13 10:08:30.824367+00:00 [info] <0.1010.0> AMQP 1.0 connection <0.1010.0>: user '63ec2047-6689-45c0-981d-f9b127a6bb7f' authenticated
2023-01-13 10:08:30.826201+00:00 [debug] <0.1010.0> AMQP 1.0 connection.open frame: hostname = vhost:keycloak, extracted vhost = keycloak, idle_timeout = 60000
2023-01-13 10:08:30.831812+00:00 [debug] <0.1020.0> Authentication using an OAuth 2/JWT token failed: provided token is invalid
2023-01-13 10:08:30.831965+00:00 [debug] <0.1020.0> User '63ec2047-6689-45c0-981d-f9b127a6bb7f' failed authenticatation by backend rabbit_auth_backend_oauth2
```
It looks like the user is known and authenticated and the connection is open, but when I try to subscribe to any vhost, a second authentication is done and it fails. I tried many different virtual hosts in RabbitMQ. Is it possible to connect these two plugins together?
Any advice?