[
https://issues.apache.org/jira/browse/ARTEMIS-5200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17903078#comment-17903078
]
Justin Bertram commented on ARTEMIS-5200:
-----------------------------------------
What protocol and client implementation would you use with OAuth?
> OAuth Bearer Token Support
> --------------------------
>
> Key: ARTEMIS-5200
> URL: https://issues.apache.org/jira/browse/ARTEMIS-5200
> Project: ActiveMQ Artemis
> Issue Type: New Feature
> Reporter: Luís Alves
> Priority: Major
>
> In line with KAFKA
> [KIP-768|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=186877575],
> Artemis should also provide bearer token support for authN and authZ.
> Motivation is the same as in Kafka. I already use OAuth on many services that
> have to communicate with the broker, so why don't leverage the [OAuth 2.0
> client credentials flow|https://oauth.net/2/grant-types/client-credentials/].
> The current integration with Keycloak on the
> [examples|https://github.com/apache/activemq-artemis-examples/tree/main/examples/features/standard/security-keycloak]
> is not great in terms of security. We have to give away our credentials to
> Artemis and it uses them to do a [password
> grant|oauth.net/2/grant-types/password]. This flow is strongly discouraged.
> I think the major blocker is that Artemis is designed to do authN with a
> username and a password. I only have experience with the Java client with
> CORE protocol and I couldn't find any interceptor on the authN process to
> replace the password field with a fresh token. With some workarounds is
> possible to make it work, but is not a vanilla and supported solution.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
