Enabling OAuth2 on Management UI #676
Replies: 1 comment
-
Hello! This question does not appear to be specific to this Docker image, so I suggest asking in one of these community support channels:
-
I use the rabbitmq:3.12-management Docker image, and I am trying to configure it with OAuth2.
My OAuth2 is a homemade server based on oidc-provider.
My first step was to enable OAuth2 on the backend; I added the following lines to the config file:
auth_backends.1 = rabbit_auth_backend_oauth2
auth_oauth2.resource_server_id = rabbitmq
auth_oauth2.jwks_url = https://iam:4000/oidc/jwks
auth_oauth2.verify_aud = false
and it works - great!
With this configuration, on the management UI side, I am using the empty user and a JWT token generated with my OAuth2 server, and it also works - great!
The problem started when I tried to configure OAuth2 on the management side, so what I did is I added this to the config file:
management.oauth_enabled = true
management.oauth_client_id = rabbit_user_client
management.oauth_client_secret = rabbit_user_client
management.oauth_provider_url = https://localhost:4000/oidc
The authorization flow with PKCE is executed properly, and the OAuth2 server generates the response containing the access_token and id_token. But after getting the response, the management UI queries GET /api/whoami and uses the access_token (while I believe it should use the id_token) as the bearer token in the Authorization header. As a result, I get this error on the RabbitMQ server side: "Authentication using an OAuth 2/JWT token failed: provided token is invalid", and I cannot log in to the management UI.
If I query GET /api/whoami with the id_token (generated during the authorization flow with PKCE started from the UI), the response is correct.
Why is the access_token used then, or maybe I understand it wrong?
Thank you in advance
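One way to compare the two values from a token response before either is sent to GET /api/whoami, as an added example that is not part of the original post or of RabbitMQ: it classifies a bearer token as opaque or JWT and lists what a resource server validating against jwks_url would object to. The function names and sample tokens are constructed, the scope-prefix rule is an assumption noted in the code, and the decode is unverified, so it is for diagnosis only.

```python
import base64
import json

def _segment(seg):
    """Decode one base64url JWT segment into a Python object."""
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def inspect_token(token):
    """Classify a bearer token as 'jwt' or 'opaque'. No signature check is done."""
    parts = token.split(".")
    try:
        if len(parts) != 3:
            raise ValueError("not three segments")
        header, claims = _segment(parts[0]), _segment(parts[1])
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("segments are not JSON objects")
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return {"format": "opaque"}
    return {"format": "jwt", "header": header, "claims": claims}

def precheck(token, resource_server_id="rabbitmq", verify_aud=False):
    """List reasons a resource server validating JWTs via jwks_url would object."""
    info = inspect_token(token)
    if info["format"] == "opaque":
        return ["not a JWT: nothing to verify against the keys at jwks_url"]
    header, claims, problems = info["header"], info["claims"], []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("alg is none: token is unsigned")
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if verify_aud and resource_server_id not in aud:
        problems.append("aud does not contain " + resource_server_id)
    scope = claims.get("scope", [])
    scopes = scope.split() if isinstance(scope, str) else scope
    # Assumption: permissions are scopes prefixed "<resource_server_id>."
    if not any(str(s).startswith(resource_server_id + ".") for s in scopes):
        problems.append("no scope prefixed " + resource_server_id + ".")
    return problems

def _make_jwt(header, claims):
    """Build a constructed sample JWT; the signature segment is a placeholder."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return enc(header) + "." + enc(claims) + ".c2lnbmF0dXJl"

# Constructed samples, not tokens from the original post.
OPAQUE_SAMPLE = "kQ7Zp1xV-constructed-opaque-value"
JWT_SAMPLE = _make_jwt({"alg": "RS256", "kid": "k1"},
                       {"sub": "alice", "aud": "rabbit_user_client",
                        "scope": "openid rabbitmq.tag:administrator"})

if __name__ == "__main__":
    for name, tok in (("opaque", OPAQUE_SAMPLE), ("jwt", JWT_SAMPLE)):
        print(name, inspect_token(tok)["format"], precheck(tok))
```

Running it on the access_token and id_token copied from the browser's network tab shows whether they differ in format, audience or scopes.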