Skip to content

OAuth2: plumbing for opaque token support #13978

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 103 commits into from
Closed

OAuth2: plumbing for opaque token support #13978

wants to merge 103 commits into from

Conversation

@MarcialRosales
Copy link
Contributor

@MarcialRosales MarcialRosales commented May 29, 2025
edited
Loading

Proposed Changes

Implements #8662

Tasks:

  • Add introspection endpoint settings to schema
  • Support opaque tokens via messaging protocols like amqp
  • Add Selenium messaging test to assert opaque tokens are supported over amqp
  • Support opaque tokens in management ui. It requires introspecting the token before passing it to the oauth backend. Otherwise, every single authorization request requires a token introspection
  • Support opaque tokens when using idp-initiated login. Here opaque tokens arrive on the Authorization header and they need to be introspected too.
  • Support opaque tokens when a connection updates its token via the available mechanisms in the protocol (amqp, etc).
  • Add Selenium tests for management ui with opaque tokens for sp-initiated login
  • Add Selenium tests for management ui with opaque tokens for idp-initiated login
  • Update documentation

Types of Changes

What types of changes does your code introduce to this project?
Put an x in the boxes that apply

  • Bug fix (non-breaking change which fixes issue #NNNN)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause an observable behavior change in existing systems)
  • Documentation improvements (corrections, new content, etc)
  • Cosmetic change (whitespace, formatting, etc)
  • Build system and/or CI

@MarcialRosales MarcialRosales self-assigned this May 29, 2025
@MarcialRosales MarcialRosales force-pushed the feature-8662 branch 3 times, most recently from fe04c36 to 7c59322 Compare June 20, 2025 09:37
@MarcialRosales MarcialRosales force-pushed the feature-8662 branch 5 times, most recently from 1e50258 to 9605c96 Compare July 15, 2025 05:07
@MarcialRosales MarcialRosales force-pushed the feature-8662 branch 2 times, most recently from d23826e to 9b275c7 Compare July 17, 2025 14:04
@mergify mergify bot added the make label Jul 18, 2025
@MarcialRosales MarcialRosales force-pushed the feature-8662 branch 5 times, most recently from f4bdb4f to 3b53316 Compare July 23, 2025 13:46
@MarcialRosales MarcialRosales force-pushed the feature-8662 branch 6 times, most recently from 7a7d9b4 to 8b1321f Compare August 4, 2025 08:11
@MarcialRosales
Declare CONF_DIR_PREFIX on a different line
0b78b5b
@MarcialRosales
Generate env var for github before running test
3c29594
@MarcialRosales
Export env var before running tests
e28853e
@MarcialRosales
Capture logs only when tests have failed
224608e
@MarcialRosales
Test opaque token in ui as part of short ui suite
08fb8a8
@MarcialRosales
Fix ci job and generation of ssl certs
98169a1
@MarcialRosales
Add missing dedicate page for spring
6afac45
@MarcialRosales
Add users required by oauth flows to spring
d5189ed
@MarcialRosales
Fix issues using oauth2 with spring
93417dd
@MarcialRosales
Revert wrong version of spring auth server
ae1a379
@MarcialRosales
Allow SPRING_DOCKER_IMAGE to be configured externally
b01590b
@MarcialRosales
Bump up version of spring auth server
538be8a
@MarcialRosales
Remove rabbitmq scopes from oauth client
282a738 
otherwise the token carries a scope which
the user does not have
@MarcialRosales
Use 0.0.9 version of spring
581ead4
@MarcialRosales
Use a generic idp url rather than uaa
e1bdf49
@MarcialRosales
Modify fakeportal so that it can talk to spring too
b2629d0
@MarcialRosales
Fix configuration for idp-initiated with opaque tokens
9e63db8
@MarcialRosales
Use 0.0.10
256dba4
@MarcialRosales
Add negative system tests for refresh opaque token
e8ca661
@MarcialRosales
Fix test case
874caa9
@MarcialRosales
Fix tests
d956635 
update_secret will always return ok even though it is
not. That is because it sends ok to all the channels. And
then it sends an error to the connection.
@MarcialRosales
Fix test case
d99f8f9 
The issue is that some idp initiated flows requires
a client_id and secret which for opaque tokens
we need to confiugre a different client_id and secret
@michaelklishin michaelklishin changed the title OAuth2: support opaque tokens OAuth2: plumbing for opaque token support Aug 18, 2025
@MarcialRosales
Copy link
Contributor Author

MarcialRosales commented Aug 19, 2025

Moved to Tanzu

@michaelklishin michaelklishin deleted the feature-8662 branch August 19, 2025 14:56
@rabbitmq rabbitmq locked as resolved and limited conversation to collaborators Aug 19, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

@MarcialRosales MarcialRosales

Labels

make rabbitmq-auth-backend-oauth2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MarcialRosales @michaelklishin