Marcial Rosales
0023ba2a01
Add var expansion to vhost and resource access
2025-05-29 09:02:29 +02:00
Marcial Rosales
3041d6c253
Support in code the old keycloak format
...
That was not keycloak format it was an
extension to the oauth spec introduced
a few years ago. To get a token from
keycloak using this format, a.k.a.
requesting party token, one has to specify
a different claim type called
urn:ietf:params:oauth:grant-type:uma-ticket
2025-02-11 16:12:15 +01:00
Marcial Rosales
1179d3a3ec
Support keycloak custom format via configuration
2025-02-11 16:12:15 +01:00
Michael Klishin
968eefa1bb
Bump (c) line year
...
There are no functional changes to this massive diff.
2025-01-01 17:54:10 -05:00
Marcial Rosales
0f1b8760a4
Fix issue
2024-10-09 11:01:09 -04:00
Marcial Rosales
0835c7ecf4
Resolve merge conflicts
2024-10-09 11:01:09 -04:00
Marcial Rosales
d25e0f8e88
Refactoring
...
- Use rabbit_oauth2 prefix for modules which do not have it
- Ensure most lines stick to 80 columns
2024-10-08 08:17:48 +02:00
Marcial Rosales
12b8c0db58
Fix all tests in unit_SUITE
2024-10-08 08:17:48 +02:00
Marcial Rosales
b9217aee48
Fix test cases and refactor rar and keycloak
...
functionality into their own modules
2024-10-08 08:17:48 +02:00
Marcial Rosales
54ac148daf
Fix issue and test
...
WIP rename all token_validation
to normalize_token_scope
2024-10-08 08:17:48 +02:00
Marcial Rosales
0f5f76677f
More test fixes + clean up + refactor
2024-10-08 08:17:48 +02:00
Marcial Rosales
a1206dc801
Move selenium to the root of the repo
2024-09-04 14:59:58 +01:00
Marcial Rosales
77e8172009
Support tokens without kid when using multiple resources
2024-08-29 12:44:49 +01:00
Marcial Rosales
4cad467d51
Remove obsolete function
2024-02-28 10:04:50 +01:00
Marcial Rosales
06a7f48d4b
Apply feedback from @knilson
2024-02-10 20:12:20 +01:00
Marcial Rosales
d827b72ce1
Create Oauth2 client
2024-02-10 20:12:04 +01:00
Arnaud Cogoluègnes
33c64d06ea
Add expiry_timestamp/1 callback to authz backend behavior
...
Backends return 'never' or the timestamp of the expiry time
of the credentials. Only the OAuth2 backend returns a timestamp,
other RabbitMQ authz backends return 'never'.
Client code uses rabbit_access_control, so it contains now
a new expiry_timestamp/1 function that returns the earliest
expiry time of the underlying backends.
Fixes #10298
2024-01-19 14:46:47 +01:00
Michael Klishin
01092ff31f
(c) year bumps
2024-01-01 22:02:20 -05:00
Michael Klishin
1b642353ca
Update (c) according to [1]
...
1. https://investors.broadcom.com/news-releases/news-release-details/broadcom-and-vmware-intend-close-transaction-november-22-2023
2023-11-21 23:18:22 -05:00
Marcial Rosales
77ee572467
Fixes #8547
2023-06-14 09:39:03 +02:00
Marcial Rosales
84e8d172e6
Make scopes optional for oauth2 authentication
2023-05-30 16:56:12 +02:00
Michael Klishin
f5ea10eff8
Squash a compiler warning in a test
2023-05-29 04:09:05 +04:00
Marcial Rosales
1cd84b36ec
Test scope prefix within scope alias mapping
2023-05-16 08:40:29 +02:00
Marcial Rosales
faffd6fa98
Configure Oauth scope prefix
...
separate from resource_server_id
2023-05-16 08:40:28 +02:00
Marcial Rosales
6227dfd15d
Fix issue #7178
2023-04-18 16:29:42 +02:00
Marcial Rosales
51e27f8a3f
Fix issue #6909
...
Use the outcome from first authentication
stored in the #user.authz_backends to authenticate
subsequent attempts which occur when a session is
opened.
In particular, during the first authentication attempt
which occurs during the sasl handshake, the amqp 1.0
plugin reads and validates the JWT token present in the
password field.
When a new AMQP 1.0 session is opened, the plugin creates
an internal AMQP connection which triggers a second/nth
authentication. For this second/nth authentication, the
plugin propagates as Authentication Credentials the outcome
from the first authentication which is stored in the
`#user.authz_backends`.
The Oauth2 backend first attempts to authenticate using
the password credentials else it uses the credential with the
key `rabbit_auth_backend_oauth2` which has a function which
returns the decoded token
2023-01-31 11:45:59 +01:00
Marcial Rosales
9fca4a7446
Improve coverage
2023-01-03 07:09:02 -05:00
Marcial Rosales
9354397cbf
Support Idp initiated logon in mgt ui with Oauth
...
Configure preferred username from a token
Make client_secret optional
2023-01-03 07:09:00 -05:00
Michael Klishin
ec4f1dba7d
(c) year bump: 2022 => 2023
2023-01-01 23:17:36 -05:00
Luke Bakken
7fe159edef
Yolo-replace format strings
...
Replaces `~s` and `~p` with their unicode-friendly counterparts.
```
git ls-files *.erl | xargs sed -i.ORIG -e 's/~s\>/~ts/g' -e 's/~p\>/~tp/g'
```
2022-10-10 10:32:03 +04:00
Michael Klishin
21e98f8b13
OAuth 2: unit_SUITE naming and wording
2022-08-23 13:20:01 +04:00
Marcial Rosales
39fbeea628
Use user-tags without prefix tag: as action name
2022-08-22 16:16:14 +04:00
Marcial Rosales
8ee81896cf
Add missing test cases
2022-08-22 16:16:14 +04:00
Marcial Rosales
29b97e085b
Test single value for locations and actions
2022-08-22 16:16:14 +04:00
Marcial Rosales
4be9bdbc08
Use wildcard library rather than re
...
for cluster, vhost, queue, exchange,
and routing-key patterns
2022-08-22 16:16:13 +04:00
Marcial Rosales
7cea128a48
Allow regular expression in location's cluster field
2022-08-22 16:16:13 +04:00
Marcial Rosales
d83401aaf1
Fix issue where the cluster was wrongly matched
...
It looks like it was matching any cluster which started
with the value in resource_server_id rather than the
exact value
2022-08-22 16:16:13 +04:00
Marcial Rosales
d69781a7ef
Support rich authorization request spec
2022-08-22 16:16:11 +04:00
Michael Klishin
ca290f1116
OAuth 2: expand all scope aliases provided
...
Per discussion with @MarcialRosales.
In follow-up to #4588.
2022-04-27 21:21:40 +04:00
Michael Klishin
4bd782986d
OAuth 2: test tag extraction with scope aliases
2022-04-22 12:39:29 +04:00
Michael Klishin
9d72a4a804
OAuth 2: more scope aliasing tests
2022-04-22 00:38:26 +04:00
Michael Klishin
a242fb9f3d
OAuth 2: refactor unit_SUITE
2022-04-21 16:28:44 +04:00
Michael Klishin
0862199b9e
OAuth 2: initial scope aliasing test
2022-04-21 14:16:46 +04:00
Michael Klishin
c38a3d697d
Bump (c) year
2022-03-21 01:21:56 +04:00
Michael Klishin
52479099ec
Bump (c) year
2021-01-22 09:00:14 +03:00
dcorbacho
f0d39cb4e2
Switch to Mozilla Public License 2.0 (MPL 2.0)
2020-07-10 20:27:35 +01:00
Philip Kuryloski
28080e1e2c
Log authentication rejection messages
...
Normally when auth fails, we simply log that it failed for a given
username. Since the username is ignored with the auth mechanism,
this does not provide sufficient context for debugging config
errors.
2020-03-09 12:49:48 +01:00
Arnaud Cogoluègnes
cb3fe65a07
Polish extra scopes source tests
...
Set up environment in init/end test functions, change some scopes in
test to make assertion more obvious.
References #41
2019-12-05 14:10:21 +01:00
Michael Klishin
d9073fba8d
Make this code less unorthodox, take 2
...
Also improves naming a bit.
2019-12-05 10:28:37 +03:00
Michal Papuga
9a230b0aeb
Resolve PR comments - rename variables.
2019-12-05 05:29:12 +01:00