Commit Graph

182 Commits

Author SHA1 Message Date
Michael Klishin 37366191f2 Extract tags from the provided JWT token
Pair: @acogoluegnes.

[#158782152]
[#158782156]
2018-07-09 18:26:53 +03:00
Michael Klishin ff5fdc0829 Logging, naming
[#158782152]
[#158782156]
2018-07-09 08:51:08 +03:00
Michael Klishin 915c45390c Adopt uaa_jwt:client/2 and uaa_jwt:sub/2
[#158782152]
[#158782156]
2018-07-09 07:20:57 +03:00
Michael Klishin e5c84c31fa Pass decoded token so that effective username is computed from it
[#158782152]
[#158782156]
2018-07-06 17:35:34 +03:00
Michael Klishin cb4dfba58a Expect access token in the password field
We cannot pass access tokens in the username since
those are logged and displayed by operator tools.

Per discussion with @acogoluegnes.

[#158782152]
[#158782156]
2018-07-05 19:50:12 +03:00
Michael Klishin 54bf34d9c7 Wording
[#158782152]
[#158782156]
2018-07-03 20:02:48 +03:00
Michael Klishin 7a758a2ece More test massaging, remove debug logging
[#158782152]
[#158782156]
2018-07-03 16:27:58 +03:00
Michael Klishin 4cc2cfef89 Split and simplify unit tests; naming 2018-07-03 02:15:51 +03:00
Daniil Fedotov 7cf71b01a6 Better errors when validating the decoded token 2018-06-25 15:51:29 +01:00
Daniil Fedotov 032be9763b Use erlang version of uaa_jwt and jose 2018-06-21 17:07:35 +01:00
Daniil Fedotov 973ef5ccef Add support for pem public key 2017-09-20 16:40:56 +01:00
Daniil Fedotov 540f3452c9 Handle json parsing error 2017-02-16 15:58:39 +00:00
Daniil Fedotov 7b421e6ae1 Return error instead of error_message to comply with authz_backend API 2017-02-08 16:32:59 +00:00
Daniil Fedotov c71c3eb292 Test token expiration 2017-02-03 13:01:24 +00:00
Daniil Fedotov 612c9eeacf Do not decode token every time permission is checked.
Decoded token is saved to `impl`.
When permission is checked, the `exp` field of the token
is compared to system_time and if the token is expired
`{error_message, "Token expired"}` is returned.
2017-02-02 18:31:01 +00:00
Daniil Fedotov a07b4485e6 Test key validation when adding via cli command 2017-02-02 12:25:38 +00:00
Daniil Fedotov 78bb2044fb Test command validation 2017-02-02 11:29:25 +00:00
Daniil Fedotov df197ad5b9 Command to add UAA signing keys 2017-02-01 17:15:10 +00:00
Daniil Fedotov 759d66263b Decode and verify UAA JWT tokens without connecting to UAA server
Fixes #3
Uses rabbitmq/uaa_jwt library to decode a token and verify signature.
Signing keys should be predefined in the uaa_jwt application environment
2017-01-27 11:32:14 +00:00
Michael Klishin 42e401e900 invalid_resource_authorization => resource_server_authentication_failed
HTTP 401 response can indicate an authorization failure as well
but let's assume authentication failures will be more common in this
specific case.
2017-01-27 01:51:48 +03:00
Michael Klishin ff88614186 Wording 2017-01-27 01:34:47 +03:00
Daniil Fedotov a53e4d3cb9 Support topic authorization 2017-01-24 17:26:59 +00:00
Daniil Fedotov dfc61ec18f Change scope to permission mapping 2016-12-20 13:13:18 +00:00
Daniil Fedotov ff84dfae52 Support for custom resource kinds 2016-02-16 12:36:38 +00:00
Daniil Fedotov b5c47a75f6 Resource ID filtering 2016-02-16 12:22:49 +00:00
Daniil Fedotov 4835e0b3af Indent 2016-01-20 14:24:06 +00:00
Daniil Fedotov 99279bd10f Tests 2016-01-20 14:04:14 +00:00
Daniil Fedotov db72e7d9e3 Testing on working UAA 2016-01-18 18:05:45 +00:00
Daniil Fedotov 0109fab275 Resource id. Scopes README 2016-01-15 17:03:31 +00:00
Daniil Fedotov d6888dafb0 wrong arity 2016-01-15 16:51:16 +00:00
Daniil Fedotov f0a5693939 rabbitmq_oauth2_scope from oauth backend 2016-01-15 16:50:25 +00:00
Daniil Fedotov 47da90b652 Init. Make request to /check_token 2016-01-15 14:50:21 +00:00