Skip to content

OAuth2: support opaque tokens #13978

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 26 commits into
base: main
Choose a base branch
from
Draft

OAuth2: support opaque tokens #13978

wants to merge 26 commits into from
+1,005 −73

Conversation

MarcialRosales
Copy link
Contributor

@MarcialRosales MarcialRosales commented May 29, 2025
edited
Loading

Proposed Changes

Implements #8662

RabbitMQ will never cache the resolved JWT access token. it will only be cached for the duration of the session/connection. Once RabbitMQ resolves the JWT access token (i..e exchanged the opaque one for a JWT one), it will work as usual, i.e. it will use the expiry date in the resolved JWT access token.

Types of Changes

What types of changes does your code introduce to this project?
Put an x in the boxes that apply

  • Bug fix (non-breaking change which fixes issue #NNNN)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause an observable behavior change in existing systems)
  • Documentation improvements (corrections, new content, etc)
  • Cosmetic change (whitespace, formatting, etc)
  • Build system and/or CI
@MarcialRosales MarcialRosales self-assigned this May 29, 2025
@MarcialRosales MarcialRosales force-pushed the feature-8662 branch 3 times, most recently from fe04c36 to 7c59322 Compare June 20, 2025 09:37
@MarcialRosales
Add tokeninfo_endpoint
e5efe89
@MarcialRosales
Add missing id tag
f851f24
@MarcialRosales
Move changes from PR that created the spring auth server
cdaf3f0
@MarcialRosales
Add binaries to deploy spring auth server
07dd0f1
@MarcialRosales
Add introspection_endpoint to oauth2 schema
ccb5226
@MarcialRosales
Fix typo and test case
7125f51
@MarcialRosales
Update settings in schema
d210179
@MarcialRosales
Add function that detects if token is JWT
40350db
@MarcialRosales
Test resolve resource server with opaque access token
f34db55
@MarcialRosales
Improve configuration of introspection
43378fa
@MarcialRosales
Fix config test
1ca55c2 
There is still an issue mapping client_auth_method
@MarcialRosales
Fix introspection_client_auth_method
2117994
@MarcialRosales
Move introspect token to oauth2_client
37c64fb
@MarcialRosales
Fix unit test
cc8bf89
@MarcialRosales
Add more tsets
ffa7865
@MarcialRosales
Fix first basic tests
ab4220d
@MarcialRosales
Add more test coverage
ec818a1
@MarcialRosales
Add function that will resolve an opaque token
e0f661c
@MarcialRosales
Remove funtion as not needed
9417ea5
@MarcialRosales
Remove statement
69e61f3
@MarcialRosales
Fix access-token-format configuration
295cbc7 
And add client used to introspect tokens
@MarcialRosales
Configure oauth2 client for mgt ui
fce25b3 
so that it is possible to test with clients configured with opaque tokens and others with jwt tokens
@MarcialRosales
Opaque token working on management ui
0ac72fd 
Refactoring needed so that the resolved jwt token is kept in the management ui so that the backend does not need to reoolve it permanentely
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
rabbitmq-auth-backend-oauth2
1 participant
@MarcialRosales