path: root/deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema
Diffstat (limited to 'deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema')
-rw-r--r--deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema26
1 files changed, 26 insertions, 0 deletions
diff --git a/deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema b/deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema
index db8abe8928..cd4fbfeeca 100644
--- a/deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema
+++ b/deps/rabbitmq_auth_backend_oauth2/priv/schema/rabbitmq_auth_backend_oauth2.schema
@@ -5,8 +5,20 @@
%%
%% ----------------------------------------------------------------------------
+<<<<<<< HEAD
%% A prefix used for scopes in UAA to avoid scope collisions (or unintended overlap). It is an empty string by default.
+=======
+%% OAuth Resource identity. Usage:
+%% - This is the identity of a RabbitMQ server/cluster used as the
+%% recipient of JWT Tokens (see audience claim, https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3).
+%% - This is also the resource identifier used by RabbitMQ server/cluster in the authorization and access token
+%% requests (https://datatracker.ietf.org/doc/html/draft-ietf-oauth-resource-indicators-05#page-3)
+>>>>>>> 0131e9900f (Configure Oauth scope prefix)
%%
+%% Up to version 3.12, RabbitMQ's scopes followed this pattern : <resource_server_id>.<scope>.
+%% Nowadays, there is a new setting called scope_prefix and RabbitMQ's scopes follow this pattern instead:
+%% <scope_prefix><scope>. Note that there is no dot in between.
+%% The default value of this setting is `<resource_server_id>.`.
%% {resource_server_id, <<"my_rabbit_server">>},
{mapping,
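Review bot: Unresolved merge-conflict markers are being committed in this hunk: the added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> 0131e9900f (Configure Oauth scope prefix)` are not `%%` comments, so they become part of the schema file and will most likely stop it from parsing. Resolve the conflict by dropping the three marker lines and the HEAD-side comment `%% A prefix used for scopes in UAA ...`, which describes scope_prefix rather than resource_server_id and states an empty default that contradicts the `<resource_server_id>.` default documented a few lines further down. Because resource_server_id is the value compared with the token's audience claim, the comment above its mapping should describe only that setting, so an operator does not confuse the two. The mapping term itself continues outside the hunk.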
@@ -19,6 +31,20 @@
fun(Conf) -> list_to_binary(cuttlefish:conf_get("auth_oauth2.resource_server_id", Conf))
end}.
+%% A prefix used for scopes to avoid scope collisions (or unintended overlap). If not configured,
+%% it is defaulted to `<resource_server_id>.` to maintain backward compatibility. Empty string is a permitted value.
+%%
+%% {scope_prefix, <<"api:/rabbitmq:">>},
+
+{mapping,
+ "auth_oauth2.scope_prefix",
+ "rabbitmq_auth_backend_oauth2.scope_prefix",
+ [{datatype, string}]}.
+
+{translation,
+ "rabbitmq_auth_backend_oauth2.scope_prefix",
+ fun(Conf) -> list_to_binary(cuttlefish:conf_get("auth_oauth2.scope_prefix", Conf))
+ end}.
%% An identifier used for JWT Tokens compliant with Rich Authorization Request spec
%% RabbitMq uses this field as discriminator to filter out permissions meant for RabbitMQ
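Review bot: The comment on the new `auth_oauth2.scope_prefix` mapping says an empty string is permitted but not what that means for authorization. With an empty prefix, presumably every scope carried in the token is read as a RabbitMQ scope, which gives up the collision protection the prefix exists for when the token issuer is shared with other services; I would add a line such as `%% With an empty prefix scopes are matched without any namespace; use it only when the token issuer is dedicated to RabbitMQ.` It is also worth a schema test confirming that an empty value in the config file reaches the translation as `<<>>`, since the translation calls `list_to_binary/1` on whatever `cuttlefish:conf_get/2` returns.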