mattrpav commented on code in PR #1480: URL: https://github.com/apache/activemq/pull/1480#discussion_r2299188712
########## assembly/src/release/conf/login.config: ########## @@ -18,4 +18,12 @@ activemq { org.apache.activemq.jaas.PropertiesLoginModule required org.apache.activemq.jaas.properties.user="users.properties" org.apache.activemq.jaas.properties.group="groups.properties"; -}; \ No newline at end of file +}; + +OAuthConfiguration { + org.apache.activemq.jaas.oauth.OAuthLoginModule required + issuer="https://cognito-idp.us-west-2.amazonaws.com/us-west-2_iz1VrIxct" + jwks_uri="https://cognito-idp.us-west-2.amazonaws.com/us-west-2_iz1VrIxct/.well-known/jwks.json" + group_resolver_class="org.apache.activemq.jaas.oauth.NoOpGroupResolver"

Review Comment:
Using a class for group resolution gets tricky across runtimes that have varying classloader behaviors (specifically Apache Karaf and OSGi-based runtimes.) Since there is only one method, I think having an AbstractOAuthLoginModule with shared methods and an abstract method for groupLookup() is the way to go. The default implementation can simply load a groups.properties file with user, group and role mappings similar to how pure local accounts work.
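
Review bot: In the added OAuthConfiguration block, issuer and jwks_uri are hard-coded to one specific Cognito user pool (us-west-2_iz1VrIxct) in assembly/src/release/conf/login.config, which is the configuration shipped with the release. A broker that enables this entry without editing it would be configured to trust that pool as its token issuer and to fetch signing keys from it. Replace both values with obvious placeholders (for example issuer="https://issuer.example.org/REPLACE_ME") or ship the block commented out, and note in the file that the two settings must be changed together. The default group_resolver_class is NoOpGroupResolver, and the hunk does not say what group membership an authenticated user ends up with under it; a comment in the config stating that would help operators set authorization correctly.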