
'additional_scopes_key' ignored when configuring multiple oauth2 resource servers #12750

Closed
Hathoute opened this issue Nov 18, 2024 · 0 comments · Fixed by #12752

@Hathoute (Contributor)

Describe the bug

When configuring multiple oauth2 resource servers, additional_scopes_key is not taken into account which leads to unauthorized access.

Reproduction steps

  1. Register a resource server using auth_oauth2.resource_servers.$name.additional_scopes_key without specifying auth_oauth2.additional_scopes_key.
  2. Grant the administrator tag for the Management UI (or other RabbitMQ permissions) using this field in the resource server.
  3. Attempting to log in to the Management UI results in "Not authorized".

Expected behavior

RabbitMQ should correctly read additional scopes from the additional_scopes_key and grant access to the Management UI.

Additional context

By looking at the code for rabbitmq_auth_backend_oauth2, it looks like it reads the property extra_scopes_source, which is correctly mapped for auth_oauth2.additional_scopes_key, but not for auth_oauth2.resource_servers.$name.additional_scopes_key.
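The following is an added, simplified Python model of the scope resolution described in this report; it is not the plugin's Erlang code. The resource server id `rabbitmq-prod`, the claim name `rabbitmq.roles` and the token payload are constructed, and `per_server=False` models the reported behaviour (only the global key is consulted) while `per_server=True` models the expected behaviour.

```python
"""Model of how additional scopes are located for an OAuth2 resource server.

Constructed example: the settings below mirror the reproduction steps
(a per-resource-server additional_scopes_key, no global one).
"""

# Hypothetical rabbitmq.conf settings flattened into a dict.
CONFIG = {
    "auth_oauth2.resource_servers.rabbitmq-prod.id": "rabbitmq-prod",
    "auth_oauth2.resource_servers.rabbitmq-prod.additional_scopes_key": "rabbitmq.roles",
    # No auth_oauth2.additional_scopes_key, as in the report.
}

# Constructed decoded JWT payload (signature is assumed to be verified upstream).
TOKEN = {
    "aud": ["rabbitmq-prod"],
    "scope": "openid",
    "rabbitmq.roles": "rabbitmq-prod.tag:administrator rabbitmq-prod.read:*/*",
}


def extra_scopes_source(config, resource_server_id, per_server):
    """Return the claim name that holds the extra scopes.

    per_server=False: only the global key is consulted (reported behaviour).
    per_server=True: the resource server's own key takes precedence, then the
    global key (expected behaviour).
    """
    if per_server:
        key = config.get(
            f"auth_oauth2.resource_servers.{resource_server_id}.additional_scopes_key")
        if key:
            return key
    return config.get("auth_oauth2.additional_scopes_key")


def effective_scopes(token, config, resource_server_id, per_server):
    """Union of the standard 'scope' claim and the extra-scopes claim, if any."""
    scopes = set(token.get("scope", "").split())
    claim = extra_scopes_source(config, resource_server_id, per_server)
    if claim and claim in token:
        value = token[claim]  # accept a space-separated string or a list
        scopes.update(value.split() if isinstance(value, str) else value)
    return scopes


def has_tag(token, config, resource_server_id, tag, per_server):
    """Management tags are granted by scopes of the form '<id>.tag:<tag>'."""
    return f"{resource_server_id}.tag:{tag}" in effective_scopes(
        token, config, resource_server_id, per_server)
```

With `per_server=False` the administrator tag is never found, which is the "Not authorized" outcome the report describes; with `per_server=True` it is granted.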
