1d942027a9
Add system test for variable expansion
2025-05-29 09:02:29 +02:00
0023ba2a01
Add var expansion to vhost and resource access
2025-05-29 09:02:29 +02:00
3041d6c253
Support in code the old keycloak format
...
That was not keycloak format it was an
extension to the oauth spec introuduced
a few years ago. To get a token from
keycloak using this format, a.k.a.
requesting party token, one has to specify
a different claim type called
urn:ietf:params:oauth:grant-type:uma-ticket
2025-02-11 16:12:15 +01:00
1179d3a3ec
Support keycloak custom format via configuration
2025-02-11 16:12:15 +01:00
968eefa1bb
Bump (c) line year
...
There are no functional changes to this massive diff.
2025-01-01 17:54:10 -05:00
bdaa31e7ea
Tests: catch exception on connection closed
...
The tests force closing the connection with an error
2024-12-16 11:58:05 +01:00
3718fe3289
Prevent change of username on token refresh
2024-11-27 10:41:28 +01:00
c44c5150f2
Fix failing test
...
(cherry picked from commit 6459111f86
2024-11-18 14:44:56 -05:00
0d51ee9ec0
rabbitmq-auth-backend-oauth2: correctly map additional_scopes_key
...
(cherry picked from commit 0d799a50eb
2024-11-18 12:46:40 -05:00
1778bc22aa
Support AMQP 1.0 token renewal
...
Closes #9259 .
## What?
Allow an AMQP 1.0 client to renew an OAuth 2.0 token before it expires.
## Why?
This allows clients to keep the AMQP connection open instead of having
to create a new connection whenever the token expires.
## How?
As explained in https://github.com/rabbitmq/rabbitmq-server/issues/9259#issuecomment-2437602040
the client can `PUT` a new token on HTTP API v2 path `/auth/tokens`.
RabbitMQ will then:
1. Store the new token on the given connection.
2. Recheck access to the connection's vhost.
3. Clear all permission caches in the AMQP sessions.
4. Recheck write permissions to exchanges for links publishing to
RabbitMQ, and recheck read permissions from queues for links
consuming from RabbitMQ. The latter complies with the user
expectation in #11364 .
2024-10-30 10:42:40 +01:00
9893a2bd48
Merge pull request #12399 from rabbitmq/deprecate-oauth2-settings
...
Deprecate two OAuth2 settings: auth_oauth2.jwks_url and management.metadata_url
2024-10-09 11:46:58 -04:00
0f1b8760a4
Fix issue
2024-10-09 11:01:09 -04:00
0835c7ecf4
Resolve merge conflicts
2024-10-09 11:01:09 -04:00
ee8d5f7fb0
Deprecate jwks_url but it is still supported
...
jwks_uri takes precedence when both are set
2024-10-09 11:01:09 -04:00
423b591310
Fix failing test cases
2024-10-09 10:57:38 -04:00
b966ab7b72
Configure scope_aliases also per resource_server
2024-10-09 10:57:38 -04:00
3e81cfa89d
Handle wrong scope_aliases configuration
2024-10-09 10:57:38 -04:00
48670a0ecf
Support two modes of configuring
...
scope_aliases using cuttlefish
2024-10-09 10:57:38 -04:00
a30c829ec5
Test translation function of scope_aliases
2024-10-09 10:57:38 -04:00
5841e37804
Fix schema translation for
...
scope_aliases
2024-10-09 10:57:38 -04:00
cd46b406df
Modify schema to include scope_aliases
...
WIP Add translation function
2024-10-09 10:57:38 -04:00
d25e0f8e88
Refactoring
...
- Use rabbit_oauth2 prefix for modules which do not have it
- Ensure most lines stick to 80 column
2024-10-08 08:17:48 +02:00
6e74d8b60e
Always use list() type for urls
2024-10-08 08:17:48 +02:00
6d0e195957
Fix schema issues
...
And fix selenium script to run
rabbitrmq locally
2024-10-08 08:17:48 +02:00
b2532e0c1d
Modify management schema
...
to be able to set extra parameters
for authorize and token endpoints
2024-10-08 08:17:48 +02:00
9f11f25b9d
Fix test
2024-10-08 08:17:48 +02:00
b339714bf8
Test invalid token parameter config
2024-10-08 08:17:48 +02:00
5044e297d4
Add token endpoint params to schema
2024-10-08 08:17:48 +02:00
12b8c0db58
Fix all test in unit_SUITE
2024-10-08 08:17:48 +02:00
b9217aee48
Fix test cases and refactor rar and keycloak
...
functionality into their own modules
2024-10-08 08:17:48 +02:00
54ac148daf
Fix issue and test
...
WIP rename all token_validation
to normalize_token_scope
2024-10-08 08:17:48 +02:00
0f5f76677f
More test fixes + clean up + refactor
2024-10-08 08:17:48 +02:00
9ecca5ae7a
Fix test system test cases
...
And move constants to oauth2.hrl
2024-10-08 08:17:48 +02:00
c4e852116b
Fix test cases
2024-10-08 08:17:48 +02:00
42a1a47b7d
Fix test cases
2024-10-08 08:17:47 +02:00
5c2b90bece
fix some test cases
2024-10-08 08:17:47 +02:00
2f0faec58c
Fix test cases
2024-10-08 08:17:47 +02:00
b5230f7afd
Fix some test cases
2024-10-08 08:17:47 +02:00
66d9323148
Simplify module names
2024-10-08 08:17:47 +02:00
34f5d107d2
WIP fix more test cases
2024-10-08 08:17:47 +02:00
158fa3b6b1
WIP fix some test cases
...
Pending to add more scenarios whch
combine +2 resources with and without
verify_aud and with and without audience
in token
2024-10-08 08:17:47 +02:00
aecb86d56d
WIP Fix test cases
2024-10-08 08:17:47 +02:00
4576aaa32e
Refactor assertion function
2024-10-08 08:17:47 +02:00
af4ce0b1e8
WIP Fix compilation errors
...
Fixing test cases
2024-10-08 08:17:47 +02:00
9984eef2d1
WIP Fix compilation errors
2024-10-08 08:17:47 +02:00
7064969ca5
WIP More refactoring
...
split rabbit_oauth2_config into
- rabbit_oauth2_resource_server
- rabbit_oauth2_oauth_provider
and their respective test modules
Signing keys is an oauth provider
concern hence it stays with the
oauth_provider module.
2024-10-08 08:17:47 +02:00
a1206dc801
Move selenium to the root of the repo
2024-09-04 14:59:58 +01:00
c831ae46d1
Fix a typo in rabbit_oauth2_config_SUITE, references #11965
2024-09-01 04:50:56 -04:00
17ca51dcc5
Test merge signing keys when using oauth_providers
2024-08-29 15:19:03 +01:00
18bd43aa50
Improve formatting and add misisng test case
2024-08-29 12:44:49 +01:00
Marcial Rosales
Michael Klishin
Diana Parra Corbacho
Hathoute
David Ansari
Michael Klishin
Marcial Rosales