Jwt RabbitMQ + OAuth => MQTT login failure for user


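I can't configure RabbitMQ to use JWT for client access (for example, MQTT access with Paho).

I have used this recommended plugin.

I'm generating the JWT access token with Keycloak.

Sample: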

{
    "exp": 1617886910,
    "iat": 1617872510,
    "jti": "e720xxxxxxad0",
    "iss": "https://xxxxxxxxxxx",
    "aud": [
        "kanban",
        "rabbitmq",
        "account"
    ],
    "sub": "ec27xxxxxxx92fc",
    "typ": "Bearer",
    "azp": "kanban",
    "session_state": "1bcxxxxxxx5e",
    "acr": "1",
    "allowed-origins": [
        ""
    ],
    "realm_access": {
        "roles": [
            "offline_access",
            "uma_authorization"
        ]
    },
    "scope": "email kanban.read:*/* kanban.write:*/* profile kanban.configure:*/*",
    "email_verified": false,
    "plant": "*",
    "name": "xxx xx",
    "preferred_username": "xxxx",
    "given_name": "xxxxx",
    "rabbitmq": ["kanban.read:*/*", "kanban.write:*/*"],
    "family_name": "xx",
    "email": "xxxxxxxxx"
}
For the RabbitMQ configuration: Dockerfile

advanced.config

[
  {rabbit, [
    {auth_backends, [rabbit_auth_backend_oauth2, rabbit_auth_backend_internal]},
    {auth_mechanisms, ['PLAIN','AMQPPLAIN','EXTERNAL']}
  ]},
  {rabbitmq_auth_backend_oauth2, [
    {resource_server_id, <<"kanban">>},
    {key_config, [
      {default_key, <<"YoC-uSkB0wTmh39078PuzmobULDLk-1aQqDZWV4fgYc">>},
      {additional_rabbitmq_scopes, <<"rabbitmq">>}, 
      {jwks_url, <<"https://XXXXX/auth/realms/XXXXX/protocol/openid-connect/certs">>},
      {signing_key, 
          #{<<"YoC-uSkB0wTmh39078PuzmobULDLk-1aQqDZWV4fgYc">> => {pem, <<"-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXL0WnwckscW5XeCofcG65Fhdy/FJhvvuQkFOUu2erzPfI1Tq35yijikcAG4Qp+nnpUaKXw6juWXdRwebAEuX6ZsCZ5T75dJlXErov3jqOb47U5V0g2B2nNWOzeNGLsPDBOVw3e1iG6zIZtVUlJBM7hkAQuKj6w9R4mu5JEisGCw3onjrF97/E1oOvTw3v+tDYxwWqyLpFi5crjam3lzx4VxN8zwLCx1Q3x2a3jeMLlt0iL9F/+axrHZg45CrMq0MOsWJ3vJQh7WfKjW6hFlyDE4y/nxHds+v/nmzJC5ahEAFHixq7+0VhL0K+tSDmQjxG8gBfyaPsQsPCLC4Zzv/wIDAQAB
-----END PUBLIC KEY-----">>}
         }
     }]
    }
  ]}
].
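When I test with Paho, providing the JWT in the password field (and an empty or arbitrary user), I get an error.

What I have tried:

  • Checked whether advanced.config is loaded by providing a dummy key => generates a parse error
  • Checked whether the auth backend is loaded => it shows in the logs at startup
  • Checked with a different or empty username in my Paho script
  • Checked with/without the signing key field in advanced.config
  • Checked around the JWKS => nothing happened

What could cause the error, or what is misconfigured in my config file?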

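A pre-flight check for a token like the one in the question, as an added example that is not part of the original post: it decodes a JWT without verifying the signature and reports mismatches against checks that rabbitmq_auth_backend_oauth2 documents (the `aud` claim must contain `resource_server_id`, only scopes prefixed with `resource_server_id.` are used, the token must not be expired). The function names, the unsigned sample token and its header (`alg`, and a `kid` equal to the posted `default_key`) are constructed for illustration; only statically configured keys are modelled, not the JWKS fetch.

```python
import base64, json, time

def b64url_decode(seg):
    # JWT segments are unpadded base64url; restore padding before decoding
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def decode_unverified(token):
    """Return (header, claims) of a compact JWT WITHOUT verifying its signature."""
    header_b64, payload_b64, _sig = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))

def effective_scopes(claims, resource_server_id):
    """Scopes the broker can use: those prefixed '<resource_server_id>.', prefix stripped."""
    scope = claims.get("scope", [])
    scopes = scope.split() if isinstance(scope, str) else list(scope)
    prefix = resource_server_id + "."
    return [s[len(prefix):] for s in scopes if s.startswith(prefix)]

def diagnose(token, resource_server_id, configured_kids, now=None):
    """Return a list of reasons the broker would likely refuse this token."""
    now = time.time() if now is None else now
    header, claims = decode_unverified(token)
    problems = []
    kid = header.get("kid")  # when absent, the broker falls back to default_key
    if kid is not None and kid not in configured_kids:
        problems.append("kid %r not among configured signing keys" % kid)
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if resource_server_id not in aud:
        problems.append("aud does not contain resource_server_id")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    if not effective_scopes(claims, resource_server_id):
        problems.append("no scope carries the resource_server_id prefix")
    return problems

def make_token(header, claims):
    # Constructed sample: unsigned token, for offline claim checks only
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return enc(header) + "." + enc(claims) + ".sig"

KID = "YoC-uSkB0wTmh39078PuzmobULDLk-1aQqDZWV4fgYc"  # default_key from the post
SAMPLE = make_token({"alg": "RS256", "kid": KID}, {  # header values are assumptions
    "exp": 1617886910, "aud": ["kanban", "rabbitmq", "account"],
    "scope": "email kanban.read:*/* kanban.write:*/* profile kanban.configure:*/*"})

if __name__ == "__main__":
    print(diagnose(SAMPLE, "kanban", {KID}))
```

Run against a real token, an empty list means the claims line up with the configuration, so the remaining suspects are signature verification and the broker-side settings.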