First changes to test opaque tokens

MarcialRosales · MarcialRosales · commit fa960a490754 · 2025-07-10T11:18:33.000+02:00
diff --git a/selenium/authorization-server/src/main/resources/application.yml b/selenium/authorization-server/src/main/resources/application.yml
@@ -37,6 +37,8 @@ spring:
               client-authentication-methods:
                 - client_secret_basic
               require-proof-key: true
+              token-settings:
+                access-token-format: reference
               scopes: 
                 - openid
                 - profile
@@ -48,6 +50,7 @@ spring:
               client-id: rabbitmq_client_code
               authorization-grant-types: 
                 - authorization_code
+              require-proof-key: true  
               client-authentication-methods:
                 - none
               redirect-uris: 
diff --git a/selenium/suites/authnz-messaging/auth-oauth-backend-with-opaque-tokens.sh b/selenium/suites/authnz-messaging/auth-oauth-backend-with-opaque-tokens.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+SCRIPT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+TEST_CASES_PATH=/authnz-msg-protocols
+PROFILES="spring oauth-prodproducer auth-oauth-spring auth_backends-oauth-opaque "
+
+source $SCRIPT/../../bin/suite_template
+runWith spring
diff --git a/selenium/test/authnz-msg-protocols/env.auth-oauth-spring.docker b/selenium/test/authnz-msg-protocols/env.auth-oauth-spring.docker
@@ -0,0 +1,2 @@
+export OAUTH_PROVIDER_URL=https://spring:8443/
+export OAUTH_NODE_EXTRA_CA_CERTS=multi-oauth/devkeycloak/ca_certificate.pem
diff --git a/selenium/test/authnz-msg-protocols/rabbitmq.auth_backends-oauth-opaque.conf b/selenium/test/authnz-msg-protocols/rabbitmq.auth_backends-oauth-opaque.conf
@@ -0,0 +1,23 @@
+## RabbitMQ configuration with 2 oauth2 resources, rabbit_prod and rabbit_dev,
+## rather than a single resource_server_id
+## Also, each resource is owned by its own oauth provider, i.e. RabbitMQ is
+## accessed by users and clients from two different providers using their dedicated
+## resource_server_id.
+log.console.level = debug
+
+auth_backends.1 = rabbit_auth_backend_oauth2
+
+# Common auth_oauth2 settings for all resources
+auth_oauth2.preferred_username_claims.1 = preferred_username
+auth_oauth2.preferred_username_claims.2 = user_name
+auth_oauth2.preferred_username_claims.3 = email
+
+## Resource servers hosted by this rabbitmq instance
+auth_oauth2.resource_servers.1.id = rabbitmq
+auth_oauth2.resource_servers.1.oauth_provider_id = spring
+
+## Oauth providers
+auth_oauth2.oauth_providers.spring.issuer = ${SPRING_URL}
+auth_oauth2.oauth_providers.spring.https.cacertfile = ${SPRING_CA_CERT}
+auth_oauth2.oauth_providers.spring.https.verify = verify_peer
+auth_oauth2.oauth_providers.spring.https.hostname_verification = wildcard
diff --git a/selenium/test/oauth/spring/application.yml b/selenium/test/oauth/spring/application.yml
@@ -17,6 +17,15 @@ spring:
             type: PKCS12
   security:
     oauth2:
+      users:
+        - username: rabbit_admin
+          password: rabbit_admin 
+          scopes: 
+            - openid 
+            - profile 
+            - rabbitmq.tag:administrator
+          audiencies: 
+            - rabbitmq
       authorizationserver:
         client:
           mgt_api_client:
@@ -27,7 +36,8 @@ spring:
                 - client_credentials
               client-authentication-methods:
                 - client_secret_basic
-              require-proof-key: true
+              token-settings:
+                access-token-format: reference              
               scopes: 
                 - openid
                 - profile
@@ -37,6 +47,7 @@ spring:
             registration:
               provider: spring
               client-id: rabbitmq_client_code
+              require-proof-key: true              
               authorization-grant-types: 
                 - authorization_code
               client-authentication-methods:
@@ -51,5 +62,3 @@ spring:
                 - rabbitmq.tag:administrator
                 - rabbitmq.tag:management
               client-name: rabbitmq_client_code
-
-            

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+export OAUTH_PROVIDER_URL=https://spring:8443/`
	`2`	`+export OAUTH_NODE_EXTRA_CA_CERTS=multi-oauth/devkeycloak/ca_certificate.pem`