Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extract preferred_username_claims also from the id_token if present #12222

Open
MarcialRosales opened this issue Sep 5, 2024 · 0 comments
Open

Extract preferred_username_claims also from the id_token if present #12222

MarcialRosales opened this issue Sep 5, 2024 · 0 comments
Assignees
@MarcialRosales
Labels
enhancement rabbitmq-auth-backend-oauth2

Comments

@MarcialRosales
Copy link
Contributor

MarcialRosales commented Sep 5, 2024
edited
Loading

Is your feature request related to a problem? Please describe.

RabbitMQ always extracts the user identity from a number of claim found in the access_token itself. The access_token is one of the attributes of a successful Access Token Response.

According to the OAuth2 spec, a successful Access Token Response should have, at least, an access_token attribute in addition to others such as expires_in. However, some OAuth Providers (like Auth0) may include an id_token to a successful Access Token Response. The id_token contains user’s authentication information such as username, user_ids, and others. When this happens, the access_token only contains the sub claim which commonly refers to an internal user identifier which the user cannot relate to.

Describe the solution you'd like

RabbitMQ should look up auth_oauth2.preferred_username_claims in the access_token and also in the id_token if present in the Access Token Response.

Describe alternatives you've considered

No response

Additional context

No response
@MarcialRosales MarcialRosales self-assigned this Sep 5, 2024
@MarcialRosales MarcialRosales changed the title Extract preferred_username from the access_token but also from the id_token if present Extract preferred_username from the access_token and from the id_token if present Sep 5, 2024
@MarcialRosales MarcialRosales changed the title Extract preferred_username from the access_token and from the id_token if present Extract preferred_username_claims from the access_token and from the id_token if present Sep 5, 2024
@MarcialRosales MarcialRosales changed the title Extract preferred_username_claims from the access_token and from the id_token if present Extract preferred_username_claims also from the id_token if present Sep 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MarcialRosales MarcialRosales

Labels
enhancement rabbitmq-auth-backend-oauth2
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@MarcialRosales