JWT Token not allowing access

[h0jeZvgoxFepBQ2C]

Hi,

I really don't understand anymore why my JWT setup doesn't work, it just shows following error:

[debug] User 'ro_user' failed authenticatation by backend rabbit_auth_backend_internal
[debug] User 'ro_user' authentication failed with error:function_clause:
[debug] [{rabbit_auth_backend_oauth2,validate_payload,
[debug]                              [#{<<"aud">> => [<<"rabbitmq">>],
[debug]                                 <<"client_id">> => <<"ro_user">>,
[debug]                                 <<"exp">> => 1675891812,
[debug]                                 <<"iss">> =>
[debug]                                     <<"http://localhost:3000/tesssst">>,
[debug]                                 <<"jti">> =>
[debug]                                     <<"uSyd98Kxw7zfnVGjjOG6ivpiWxEpiZ">>,
[debug]                                 <<"scopes">> =>
[debug]                                     [<<"rabbitmq.read:*/*">>,
[debug]                                      <<"rabbitmq.write:*/*">>,
[debug]                                      <<"rabbitmq.configure:*/*">>],
[debug]                                 <<"sub">> => <<"ro_user">>}],
[debug]                              [{file,"rabbit_auth_backend_oauth2.erl"},
[debug]                               {line,489}]},
[debug]  {rabbit_auth_backend_oauth2,authenticate,2,
[debug]                              [{file,"rabbit_auth_backend_oauth2.erl"},
[debug]                               {line,128}]},
[debug]  {rabbit_auth_backend_oauth2,user_login_authentication,2,
[debug]                              [{file,"rabbit_auth_backend_oauth2.erl"},
[debug]                               {line,66}]},
[debug]  {rabbit_access_control,try_authenticate,3,
[debug]                         [{file,"rabbit_access_control.erl"},{line,92}]},
[debug]  {rabbit_access_control,'-check_user_login/2-fun-0-',4,
[debug]                         [{file,"rabbit_access_control.erl"},{line,57}]},
[debug]  {lists,foldl_1,3,[{file,"lists.erl"},{line,1355}]},
[debug]  {rabbit_access_control,check_user_login,2,
[debug]                         [{file,"rabbit_access_control.erl"},{line,42}]},
[debug]  {rabbit_direct,connect,5,[{file,"rabbit_direct.erl"},{line,92}]}]
[warning] STOMP login failed for user 'ro_user': authentication failed
[error] STOMP error frame sent:
[error] Message: "Bad CONNECT"
[error] Detail: "Access refused for user 'ro_user'\n"
[error] Server private detail: none

Custer name: rabbitmq

Rabbitmq conf:

auth_backends.2 = internal
auth_backends.1 = oauth2

My advanced config:

[
  {rabbit, [
    {default_user, <<"admin">>},
    {default_pass, <<"admin">>},
    {auth_backends, [rabbit_auth_backend_internal, rabbit_auth_backend_oauth2]}
  ]},
  {rabbitmq_management, [
    {enable_uaa, false}
  ]},
  {rabbitmq_auth_backend_oauth2, [
    {resource_server_id, <<"rabbitmq">>},
    %% UAA signing key configuration
    {key_config, [
      {default_key, <<"key1">>},
      {signing_keys, #{
        <<"key1">> => {pem, <<"-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspqDRZu2m+5orD+rwRO3
sloHYFZB/AYNx8KKeXSpE93vjvyDGZHzcW/xR1MMdQV31uQn3hUdzg6K2bWUKm2M
PXNP4b9jheX/wCE5gwL95dw1rSBc8hWUG/HtVGfur9+6z1ZO2Rowmq0iuJfKFw2y
SwqdNd8GNi7JE6dLcfUC0YpwpRZUPBGpDJW4U6vtBPe9p7V7Aafv+xliGAMpjOdU
rUCm9tdnKzRylVyRIaYAxejJUvCETFzw710FLGus4YnlvOkzEze03hgMwl6U82Xt
D+CltMQxfacL7I1LIlYMaBcrOHiZqUQg8LC2aESBPi18XtKQJw8ACEmykVLFT7O8
awIDAQAB
-----END PUBLIC KEY-----">>}
          }}
      ]}
    ]}
].

Example JWT key:

eyJ0eXAiOiJKV1QiLCJrdHkiOiJSU0EiLCJraWQiOiJrZXkxIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJyb191c2VyIiwiY2xpZW50X2lkIjoicm9fdXNlciIsInNjb3BlcyI6WyJyYWJiaXRtcS5yZWFkOiovKiIsInJhYmJpdG1xLndyaXRlOiovKiIsInJhYmJpdG1xLmNvbmZpZ3VyZToqLyoiXSwiYXVkIjpbInJhYmJpdG1xIl0sImp0aSI6IktiZUtSa0dXc1dYS3NJNTU3ajRqa2ZYUHFGTTY3cCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MzAwMC90ZXNzc3N0IiwiZXhwIjoxNjc1ODkxOTc4fQ.PLcGNp798AgtR_YfmiiYYEVtzxYzWnaSFQkMfQEGWOm8mGqw_fQK0YJlglQBj98Bhv54mX9s1HbOi5gdXz7nbooECjwzEhGP0D8S7UgfdiruqWK-EMtRvommUgbP6Tt8U4Lb_Pwq74wFvf-r7WBrApXIx4-IyxqpaEtQSYSANdDOsjGOAgi3n1ghn3SM5G7w_V1PHBUD2_i7-p4pt_5pRcmNrdlePyfuRZCYwOCiz58WnaRsuCETK1ymbvJf1G2EVMqWsTFfSvvTheNQCuiYFEYXW6_-Tm5-6KDuLLuvF6Vdak5W7wI0aHPFEj8LhpZboRMlZp2y7YKEuhqi_LIxGw

Would be really nice if someone could give me a hint... I also don't understand the error message, it doesn't give any useful hint as far as I understood it :/

[h0jeZvgoxFepBQ2C]

Arrrrr I got it working..

I had a typo, the key is correctly scope not scopes 🤦 Works now!

[michaelklishin]

I guess the plugin could support both but product-specific changes (OAuth 2 has quite a few already) are often frowned upon :/