[ 
https://issues.apache.org/jira/browse/ARTEMIS-5200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17903085#comment-17903085
 ] 

Luís Alves edited comment on ARTEMIS-5200 at 12/4/24 6:51 PM:
--------------------------------------------------------------

That's a good question, as Artemis supports almost all protocols available. On 
Kafka there's only one protocol and they write the clients for all programming 
languages. 

I would say that for core client (Java)/core protocol it would be great to have 
vanilla support.

For others, I don't know how much can be done from the Artemis side. I found: 
https://docs.oasis-open.org/amqp/amqp-cbs/v1.0/amqp-cbs-v1.0.html, so I hope 
that all of them evolve to token-based auth eventually.


was (Author: luisalves00):
That's a good question, as Artemis supports almost all protocols available. On 
Kafka there's only one protocol and they write the clients for all programming 
languages. 

I would say that for core client (Java)/core protocol it would be great to have 
vanilla support.

> OAuth Bearer Token Support
> --------------------------
>
>                 Key: ARTEMIS-5200
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-5200
>             Project: ActiveMQ Artemis
>          Issue Type: New Feature
>            Reporter: Luís Alves
>            Priority: Major
>
> In line with KAFKA 
> [KIP-768|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=186877575],
>  Artemis should also provide bearer token support for authN and authZ.
> Motivation is the same as in Kafka. I already use OAuth on many services that 
> have to communicate with the broker, so why not leverage the [OAuth 2.0 
> client credentials flow|https://oauth.net/2/grant-types/client-credentials/]?
> The current integration with Keycloak on the 
> [examples|https://github.com/apache/activemq-artemis-examples/tree/main/examples/features/standard/security-keycloak]
>  is not great in terms of security. We have to give away our credentials to 
> Artemis and it uses them to do a [password 
> grant|oauth.net/2/grant-types/password]. This flow is strongly discouraged.
> I think the major blocker is that Artemis is designed to do authN with a 
> username and a password. I only have experience with the Java client with 
> CORE protocol and I couldn't find any interceptor on the authN process to 
> replace the password field with a fresh token. With some workarounds it is 
> possible to make it work, but it is not a vanilla and supported solution.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
