OAuth 2: support variable expansion for topic authorisation #7178

Closed
OLibutzki opened this issue Feb 3, 2023 · 3 comments · Fixed by #7924

@OLibutzki

Currently variable expansion is only supported by the internal authorisation backend. As discussed with @ansd here, it makes sense in the context of rabbit_auth_backend_oauth2, too.

As a practical example, I currently have to add a lot of client scopes in order to build specific permissions per user. Having a Client scope which contains {username} would ease this setup a lot.

@michaelklishin michaelklishin changed the title [rabbit_auth_backend_oauth2] Support variable expansion or Topic authorisation OAuth 2: support variable expansion for topic authorisation Feb 3, 2023
@MarcialRosales
Contributor

MarcialRosales commented Feb 3, 2023

The expansion variables could be:

Examples:

Given a token with the claim client_id: abz and scope rabbitmq.read:*/{client_id}-* means it has read access on any queue whose name starts with abz- on any vhost.

@ansd
Member

ansd commented Feb 3, 2023

> Given a token with the claim client_id: abz and scope rabbitmq.read:*/{client_id}-* means it has read access on any queue whose name starts with abz- on any vhost.

@MarcialRosales this feature request is only about topic authorisation - not about queues.

@OLibutzki
Author

Using any claim of type string would be great as it makes the solution much more flexible.
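
Added example, not part of the thread and not the plugin's code: a Python sketch of the expansion discussed above, where `{claim}` placeholders in a scope are filled from string claims before the scope is matched against a vhost, resource name and routing key. The scope layout `<prefix><permission>:<vhost>/<name>[/<routing_key>]`, the `rabbitmq.` prefix, the function names and the choice to treat claim values as literal text (so a `*` inside a claim cannot widen the pattern) are assumptions of this example.

```python
import re

# Assumed scope layout: <prefix><permission>:<vhost>/<name>[/<routing_key>]
_TOKEN = re.compile(r"\{(\w+)\}|(\*)")

def segment_regex(pattern, claims):
    """Compile one scope segment; None means a variable could not be expanded."""
    out, pos = [], 0
    for m in _TOKEN.finditer(pattern):
        out.append(re.escape(pattern[pos:m.start()]))
        if m.group(2):
            out.append(".*")                  # '*' written in the scope itself
        else:
            value = claims.get(m.group(1))
            if not isinstance(value, str) or not value:
                return None                   # missing or non-string claim
            out.append(re.escape(value))      # claim text is literal, never a wildcard
        pos = m.end()
    out.append(re.escape(pattern[pos:]))
    return re.compile("".join(out), re.DOTALL)

def scope_allows(scope, claims, permission, vhost, name, routing_key=None,
                 prefix="rabbitmq."):
    """True if the expanded scope grants `permission` on the given resource."""
    if not scope.startswith(prefix):
        return False
    perm, sep, rest = scope[len(prefix):].partition(":")
    if not sep or perm != permission:
        return False
    segments = rest.split("/")
    if len(segments) == 2:
        segments.append("*")   # assumption: no routing-key segment means any key
    if len(segments) != 3:
        return False
    regexes = [segment_regex(s, claims) for s in segments]
    if any(rx is None for rx in regexes):
        return False           # fail closed on an unexpandable variable
    targets = (vhost, name, routing_key)
    return all(t is None or rx.fullmatch(t) is not None
               for rx, t in zip(regexes, targets))

# Constructed sample token claims and scopes
CLAIMS = {"client_id": "abz", "aud": ["rabbitmq"]}
QUEUE_SCOPE = "rabbitmq.read:*/{client_id}-*"
TOPIC_SCOPE = "rabbitmq.write:*/events/{client_id}.*"
```
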

@MarcialRosales MarcialRosales self-assigned this Mar 31, 2023
MarcialRosales added a commit that referenced this issue Apr 18, 2023
michaelklishin added a commit that referenced this issue Apr 19, 2023
…or-topic-authorization

Support variable expansion in JWT token scopes in the context of topic operation authorization (#7178)
mergify bot pushed a commit that referenced this issue Apr 19, 2023
(cherry picked from commit 6227dfd)
@michaelklishin michaelklishin added this to the 3.11.14 milestone Apr 19, 2023
michaelklishin added a commit that referenced this issue Apr 19, 2023
Support variable expansion in JWT token scopes in the context of topic operation authorization (#7178) (backport #7924)
mergify bot pushed a commit that referenced this issue Apr 19, 2023
(cherry picked from commit 6227dfd)
(cherry picked from commit 25bd669)
michaelklishin added a commit that referenced this issue Apr 19, 2023
Support variable expansion in JWT token scopes in the context of topic operation authorization (#7178) (backport #7924) (backport #7928)
mergify bot pushed a commit that referenced this issue Apr 19, 2023
(cherry picked from commit 6227dfd)
(cherry picked from commit 25bd669)
(cherry picked from commit 947df15)

# Conflicts:
#	deps/rabbitmq_auth_backend_oauth2/src/rabbit_auth_backend_oauth2.erl
#	deps/rabbitmq_auth_backend_oauth2/test/unit_SUITE.erl