[jira] [Commented] (ARTEMIS-5200) OAuth Bearer Token Support

Thu, 02 Apr 2026 04:00:14 -0700 


    [ 
https://issues.apache.org/jira/browse/ARTEMIS-5200?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18070560#comment-18070560
 ] 

ASF subversion and git services commented on ARTEMIS-5200:
----------------------------------------------------------

Commit d8cd96a1b45237287d81b6a64cd7e987ec726fb2 in artemis's branch 
refs/heads/main from Grzegorz Grzybek
[ https://gitbox.apache.org/repos/asf?p=artemis.git;h=d8cd96a1b4 ]

ARTEMIS-5200 Clarify configuration of Certificate-Bound JWT Access Tokens


> OAuth Bearer Token Support
> --------------------------
>
>                 Key: ARTEMIS-5200
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-5200
>             Project: Artemis
>          Issue Type: New Feature
>            Reporter: Luís Alves
>            Priority: Major
>
> In line with KAFKA 
> [KIP-768|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=186877575],
>  Artemis should also provide bearer token support for authN and authZ.
> Motivation is the same as in Kafka. I already use OAuth on many services that 
> have to communicate with the broker, so why don't leverage the [OAuth 2.0 
> client credentials flow|https://oauth.net/2/grant-types/client-credentials/].
> The current integration with Keycloak on the 
> [examples|https://github.com/apache/activemq-artemis-examples/tree/main/examples/features/standard/security-keycloak]
>  is not great in terms of security. We have to give away our credentials to 
> Artemis and it uses them to do a [password 
> grant|oauth.net/2/grant-types/password]. This flow is strongly discouraged.
> I think the major blocker is that Artemis is designed to do authN with a 
> username and a password. I only have experience with the Java client with 
> CORE protocol and I couldn't find any interceptor on the authN process to 
> replace the password field with a fresh token. With some workarounds is 
> possible to make it work, but is not a vanilla and supported solution.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to