OAuth2.0 signature validation failing for HS256 algorithm with base64 encoded symmetric key #3367
Description
We are trying to use rabbitmq with oauth2 plugin (HS256 + base64url-encoded key value). We are using keycloak as the authentication server. Facing below error while trying to curl api/vhosts with port 15672.
Rabbitmq server-logs
2021-09-06 08:07:14.980 [debug] <0.983.0> Authentication using an OAuth 2/JWT token failed: signature_invalid 2021-09-06 08:07:14.981 [debug] <0.983.0> User '' failed authenticatation by backend rabbit_auth_backend_oauth2 2021-09-06 08:07:14.981 [debug] <0.983.0> User '' failed authenticatation by backend rabbit_auth_backend_internal 2021-09-06 08:07:14.981 [warning] <0.983.0> HTTP access denied: user '' - invalid credentials
advanced.config
[ {rabbit, [ {default_user, <<"user">>}, {default_pass, {encrypted, <<"5239e2VE3SiHKzRFnToP7li34XXPmCJt1aCX95noE/pxOqFUANEh4Iv0NlOIbptu">> } }, {config_entry_decoder, [ {passphrase, <<"mypassphrase">>} ]} ,{auth_backends, [rabbit_auth_backend_oauth2, rabbit_auth_backend_internal]} ]}, %%{foo, %% [{bar, [ {path, "/rabbitmq"}, %% {connections_total_enabled, true} ]} ]}, {rabbitmq_management, [ {listener, [{port, 15672} ]} ]}, {rabbitmq_auth_backend_oauth2, [ {resource_server_id, <<"rabbitmq">>}, {key_config, [ {default_key, <<"5635a0fd-b729-414d-b429-0aeb71abed13">>}, {signing_keys, #{ <<"5635a0fd-b729-414d-b429-0aeb71abed13">> => {map, #{ <<"alg">> => <<"HS256">>, <<"value">> => <<"XXXXXXXXx_S7ZeT91_G9QOjPWcHDQgJhaXXXXXXX7NxHA-l6U6WS42k-QacXXN1Eg">>, <<"kty">> => <<"MAC">>} } }} ]} ]} ].
NOTE: The same is working with keycloak + RS256 algorithm. Can anyone point the issue or provide the link to the documentation for configuring the HS256 with a key from keycloak.