Request/Reply with dynamic topics after authenticating with OAuth2
Hi guys,
I've set up a request/reply using the message gateway. Everything runs fine. Now I want my user first to authenticate on my Keycloak server and then make the request/reply just for his user. But there are 2 things not completely clear to me. Do I have to do this with a dynamic queue or topic that includes, for example, his name, or is this all done by the message gateway now, so he will definitely get his response? The other thing is, do I have to connect Solace plus with Keycloak so that the user will also be accepted by Solace? Maybe someone can give me a hint on this. I read about the correlation-ID but I am not sure if this is all I need?!
Best Answer
Hi @MartinL,
Sorry for the delayed response. I think I follow your questions and will take a first stab at answering them:
1. If you are using the broker in microgateway mode, the broker will automatically handle the correlation of the response back to your requestor. No need for you to add a client-username or anything like that in the topic hierarchy for the specific purpose of correlating replies. Of course, from a best-practices perspective, please have a well-defined topic hierarchy to enable fine-grained routing and filtering for other re-use of the events.
2. I believe Keycloak is your OAuth provider? If so, you will need to configure the Solace message VPN to use it. Details on that in the docs here: https://docs.solace.com/Configuring-and-Managing/Configuring-OAuth-Authorization.htm
Hope that helps!
Answers
Hello @marc,
Yes, that helps me a lot, especially 1. For 2. I have another question. If I use the microgateway with REST, the token is just passed through in the payload and I normally don't need it there?! Is that right? So that's what the note on your link (Solace PubSub+ event brokers support OAuth authorization only for MQTT clients) means?