Make some OAuth2 settings optional #12258
Improve logging
Fix an issue running selenium tests locally
WIP modify schema to configure queryParameters for oauth2 endpoints
before implementing oidc endpoints parameters
split rabbit_oauth2_config into
- rabbit_oauth2_resource_server
- rabbit_oauth2_oauth_provider
and their respective test modules
Signing keys is an oauth provider concern hence it stays with the oauth_provider module.
Fixing test cases
Pending to add more scenarios which combine +2 resources with and without verify_aud and with and without audience in token
WIP address a dialyzer error
to be able to set extra parameters for authorize and token endpoints
Add javascript unit tests given that amount of javascript code it is difficult to get good coverage with just end-to-end tests
The tests are not running yet because I need to learn how to use Babel to convert ES5 modules into NodeJs modules otherwise it is not possible because all the source modules use ES5 modules whereas tests run from node.js which requires CommonJS
And fix selenium script to run rabbitmq locally
And location of cert files when running multioauth test suites locally
@MarcialRosales we cannot use very generic module names such as rar and oauth2, or keycloak.
We should continue using the rabbit_oauth2_ prefix in this plugin to avoid potential code path conflicts with external libraries, other plugins, and so on.
%% Copyright (c) 2007-2024 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. All rights reserved. | ||
%% | ||
|
||
-module(resource_server). |
This is a very generic name, we should continue using rabbit_oauth2_ for prefix.
I see. I wanted to make it simpler but clearly I went over the line :) . Thanks Michael.
%% | ||
|
||
% Rich Authorization Request | ||
-module(rar). |
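Review bot: The comment directly above -module(rar). starts with a single %, while the header lines above it use %%; Erlang convention reserves a single % for end-of-line comments, so this one should read %% Rich Authorization Request. With a name as short as rar, that comment is also the only hint of what the module is for, so a prefixed name such as rabbit_oauth2_rar (a suggested name, following the rabbit_oauth2_ prefix asked for in this review) would let the module name carry that meaning on its own.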
This is a very generic and short name, we should continue using rabbit_oauth2_ for prefix.
%% Copyright (c) 2007-2024 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. All rights reserved. | ||
%% | ||
|
||
-module(oauth_provider). |
This is a very generic name, we should continue using rabbit_oauth2_ for prefix.
%% Copyright (c) 2007-2024 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. All rights reserved. | ||
%% | ||
|
||
-module(keycloak). |
This is a very generic name, we should continue using rabbit_oauth2_ for prefix.
- Use rabbit_oauth2 prefix for modules which do not have it
- Ensure most lines stick to 80 column
Proposed Changes
Implements features:
management.metadata_url and move it to auth_oauth2.discovery_endpoint_path #12237
It is accompanied by this docs PR rabbitmq/rabbitmq-website#2056
Tasks:
oauth_provider and resource_server types rather than asking for each setting to the deprecated config module. Split config module into oauth_provider and resource_server modules.
discovery_endpoint_path and discovery_endpoint_params
oauth_authorization_endpoint_params and oauth_token_endpoint_params
access_token_request and discovery_endpoint to the oauth_provider type. (TODO the WSR plugin should be updated to read these extra params and pass them to the access_token_request)
Types of Changes
What types of changes does your code introduce to this project?
Put an x in the boxes that apply