07adc3e571
Remove Bazel files
2025-03-13 13:42:34 +00:00
ecacf0f19c
Clean up
2025-02-11 16:12:15 +01:00
3041d6c253
Support in code the old keycloak format
...
That was not keycloak format it was an
extension to the oauth spec introuduced
a few years ago. To get a token from
keycloak using this format, a.k.a.
requesting party token, one has to specify
a different claim type called
urn:ietf:params:oauth:grant-type:uma-ticket
2025-02-11 16:12:15 +01:00
1179d3a3ec
Support keycloak custom format via configuration
2025-02-11 16:12:15 +01:00
968eefa1bb
Bump (c) line year
...
There are no functional changes to this massive diff.
2025-01-01 17:54:10 -05:00
bdaa31e7ea
Tests: catch exception on connection closed
...
The tests force closing the connection with an error
2024-12-16 11:58:05 +01:00
719b5564c9
Cosmetics
2024-11-28 15:55:13 -05:00
301b79c470
Type spec improvements in rabbit_auth_backend_oauth2
2024-11-28 15:51:47 -05:00
3718fe3289
Prevent change of username on token refresh
2024-11-27 10:41:28 +01:00
c44c5150f2
Fix failing test
...
(cherry picked from commit 6459111f86
2024-11-18 14:44:56 -05:00
f1ee5b551a
Update rabbit_oauth2_schema.erl
...
(cherry picked from commit ed5f29cec8
2024-11-18 12:46:46 -05:00
0d51ee9ec0
rabbitmq-auth-backend-oauth2: correctly map additional_scopes_key
...
(cherry picked from commit 0d799a50eb
2024-11-18 12:46:40 -05:00
fa0067c22d
bazel run gazelle
2024-11-01 04:02:26 +00:00
1778bc22aa
Support AMQP 1.0 token renewal
...
Closes #9259 .
## What?
Allow an AMQP 1.0 client to renew an OAuth 2.0 token before it expires.
## Why?
This allows clients to keep the AMQP connection open instead of having
to create a new connection whenever the token expires.
## How?
As explained in https://github.com/rabbitmq/rabbitmq-server/issues/9259#issuecomment-2437602040
the client can `PUT` a new token on HTTP API v2 path `/auth/tokens`.
RabbitMQ will then:
1. Store the new token on the given connection.
2. Recheck access to the connection's vhost.
3. Clear all permission caches in the AMQP sessions.
4. Recheck write permissions to exchanges for links publishing to
RabbitMQ, and recheck read permissions from queues for links
consuming from RabbitMQ. The latter complies with the user
expectation in #11364 .
2024-10-30 10:42:40 +01:00
9893a2bd48
Merge pull request #12399 from rabbitmq/deprecate-oauth2-settings
...
Deprecate two OAuth2 settings: auth_oauth2.jwks_url and management.metadata_url
2024-10-09 11:46:58 -04:00
0f1b8760a4
Fix issue
2024-10-09 11:01:09 -04:00
0835c7ecf4
Resolve merge conflicts
2024-10-09 11:01:09 -04:00
ee8d5f7fb0
Deprecate jwks_url but it is still supported
...
jwks_uri takes precedence when both are set
2024-10-09 11:01:09 -04:00
b21a222abd
Remove management.oauth_metadata_url
2024-10-09 11:01:09 -04:00
423b591310
Fix failing test cases
2024-10-09 10:57:38 -04:00
ebc3dea971
Minor formatting improvement
2024-10-09 10:57:38 -04:00
b966ab7b72
Configure scope_aliases also per resource_server
2024-10-09 10:57:38 -04:00
3e81cfa89d
Handle wrong scope_aliases configuration
2024-10-09 10:57:38 -04:00
48670a0ecf
Support two modes of configuring
...
scope_aliases using cuttlefish
2024-10-09 10:57:38 -04:00
a30c829ec5
Test translation function of scope_aliases
2024-10-09 10:57:38 -04:00
dcb52638ab
Minor refactoring
2024-10-09 10:57:38 -04:00
5841e37804
Fix schema translation for
...
scope_aliases
2024-10-09 10:57:38 -04:00
cd46b406df
Modify schema to include scope_aliases
...
WIP Add translation function
2024-10-09 10:57:38 -04:00
5ae16631e9
bazel run gazelle
2024-10-09 04:02:38 +00:00
c15f19fe83
OAuth 2: CLI is a build time dependency, not a runtime one
2024-10-08 07:11:43 -04:00
e7f82a53ba
OAuth 2: add a missing dependency on rabbitmq_cli
2024-10-08 07:09:08 -04:00
743f663520
Fix bazel configuration
2024-10-08 08:17:48 +02:00
0ec415a419
Fix bazel misconfiguration
2024-10-08 08:17:48 +02:00
d25e0f8e88
Refactoring
...
- Use rabbit_oauth2 prefix for modules which do not have it
- Ensure most lines stick to 80 column
2024-10-08 08:17:48 +02:00
f56324e72c
Remove wrong file
2024-10-08 08:17:48 +02:00
966d5d49b1
Fix fucntion signature
2024-10-08 08:17:48 +02:00
6e74d8b60e
Always use list() type for urls
2024-10-08 08:17:48 +02:00
6d0e195957
Fix schema issues
...
And fix selenium script to run
rabbitrmq locally
2024-10-08 08:17:48 +02:00
b2532e0c1d
Modify management schema
...
to be able to set extra parameters
for authorize and token endpoints
2024-10-08 08:17:48 +02:00
eb2fbc6d9b
Improve format
2024-10-08 08:17:48 +02:00
9f11f25b9d
Fix test
2024-10-08 08:17:48 +02:00
b339714bf8
Test invalid token parameter config
2024-10-08 08:17:48 +02:00
0d4fb55cda
Remove unnecessary statement
2024-10-08 08:17:48 +02:00
5044e297d4
Add token endpoint params to schema
2024-10-08 08:17:48 +02:00
7792b70c13
Fix dialyzer errors
2024-10-08 08:17:48 +02:00
12b8c0db58
Fix all test in unit_SUITE
2024-10-08 08:17:48 +02:00
b9217aee48
Fix test cases and refactor rar and keycloak
...
functionality into their own modules
2024-10-08 08:17:48 +02:00
54ac148daf
Fix issue and test
...
WIP rename all token_validation
to normalize_token_scope
2024-10-08 08:17:48 +02:00
0f5f76677f
More test fixes + clean up + refactor
2024-10-08 08:17:48 +02:00
9ecca5ae7a
Fix test system test cases
...
And move constants to oauth2.hrl
2024-10-08 08:17:48 +02:00
Aitor Perez
Marcial Rosales
Michael Klishin
Diana Parra Corbacho
Hathoute
Hathoute Hamza
GitHub
David Ansari
Michael Klishin
Michael Klishin
Marcial Rosales