The instructions on how to configure and test OAuth 2.0 in RabbitMQ have been moved to RabbitMQ documentation. This repository only maintains the configuration files and scripts referenced from the RabbitMQ documentation.
IMPORTANT: This branch, `main`, of this repository is meant for the RabbitMQ docs with the version `4.0` or earlier. For RabbitMQ docs with version `Next`, check the branch `next`.
Table of Contents
For each OAuth provider, there is a subfolder under the `conf` folder, such as `keycloak` or `entra`. If the OAuth provider can be deployed locally via Docker, there is also a subfolder under the `bin` folder, such as `bin/keycloak`, with a `deploy` script.
Under each OAuth provider folder, you find a `rabbitmq.conf` file for those OAuth providers that can be deployed locally, such as `keycloak` and `uaa`. For SaaS OAuth providers like `entra`, you find instead a `rabbitmq.conf.tmpl` file that you need to copy as `rabbitmq.conf`, replacing template variables such as `{Application(client) ID}` with a real value.
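A pre-flight check for the step above, as an added example that is not part of this repository: it rejects a provider folder whose `rabbitmq.conf` is missing or still carries an unreplaced `{...}` template variable. The function name and the rule that any `{...}` outside a comment line is a leftover placeholder are assumptions.

```shell
# Added example, not part of this repository.
# Usage: check_provider_conf conf/entra
# Returns 0 if rabbitmq.conf looks filled in, 1 if placeholders remain,
# 2 if rabbitmq.conf does not exist yet.
check_provider_conf() {
  dir=$1
  conf="$dir/rabbitmq.conf"

  if [ ! -f "$conf" ]; then
    if [ -f "$conf.tmpl" ]; then
      echo "$dir: rabbitmq.conf.tmpl has not been copied to rabbitmq.conf yet" >&2
    else
      echo "$dir: no rabbitmq.conf or rabbitmq.conf.tmpl found" >&2
    fi
    return 2
  fi

  # Assumption: outside comment lines, any {...} is a template variable
  # that was never replaced, e.g. {Application(client) ID}.
  leftovers=$(grep -n -v '^[[:space:]]*#' "$conf" | grep '{[^}]*}' || true)
  if [ -n "$leftovers" ]; then
    echo "$dir: unreplaced template variables in rabbitmq.conf:" >&2
    echo "$leftovers" >&2
    return 1
  fi
  return 0
}
```

Running it before starting RabbitMQ catches a configuration that would otherwise present the literal placeholder text as an OAuth setting.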
When the example requires RabbitMQ with TLS enabled, the corresponding `conf` folder must have a file called `requires-tls`. When you run `make start-rabbitmq`, if the key and cert have not been generated yet, the command generates them. For instance, under `conf/entra` there is a `requires-tls` file. When you deploy RabbitMQ with `MODE=entra`, a key-pair is generated under `conf/entra/certs`. In the `conf/entra/rabbitmq.conf.tmpl` configuration file you can see where the certificates and key are mounted.
- Access management UI using OAuth 2.0 tokens
  - Service-Provider initiated logon
  - Identity-Provider initiated logon
- Using JWT tokens in several protocols to access RabbitMQ
  - Management HTTP API
  - AMQP 0-9-1 (and scopes for topic exchanges in a separate section)
  - AMQP 1.0
  - JMS
  - MQTT
- How to Use Advanced OAuth 2.0 Configuration
  - Using a custom scope field
  - Using multiple asymmetrical signing keys
  - Using scope aliases
  - Preferred username claims
  - Using Rich Authorization Requests tokens
- Keycloak
- Auth0
- Microsoft Entra ID (formerly known as Azure Active Directory)
- OAuth2 Proxy
- Okta
- Google NOT SUPPORTED
- Multiple OAuth 2.0 servers and/or audiences