Can OAuth authorization be used while using amqp10 package for amqps protocol to connect solace brok

In my nodejs based application I am trying to connect solace broker using amqps protocol and package I am using is **amqp10 ** however I am unable to connect it. As per the doc I am creating the uri as 'amqps://:@broker-host:5671?amqp.saslMechanisms=XOAUTH2'.

But this is not working. Any suggestions? Please share if any sample is available. Is there any alternative?

let uri = "amqps://admin:" + token.access_token + "@svc-solace-broker:5671?amqp.saslMechanisms=XOAUTH2";
        amqpClient.connect(uri).then(() => {
            // create a sender to the queue
            return amqpClient.createSender(self.queueName);
        }).then((amqpSender) => {
            self.log(`Sending message '${message}'...`);
            return amqpSender.send(message).then(() => {
                self.log('Message sent successfully.');
                self.exit();
            }, (error) => {
                self.error(error);
            });
        });


Tagged:

Best Answer

  • prashantk2000
    prashantk2000 Member Posts: 29
    edited January 2023 #2 Answer ✓

    Hi,

    I got the success with other lib i.e. rhea. Not sure if amqp10 lib supports or not but it is not actively maintained. Rhea lib is actively maintained and has support for OAuth2. Below is discussion in github page of Rhea lib.

    https://github.com/amqp/rhea/issues/393

    This is how I did it in Rhea lib

    const options: ContainerOptions = {
       host: 'localhost',
       port: 5671,
       username: 'devuser',
       token: token.access_token,
       id: 'testclient',
       transport: 'tls',
       ca: [fs.readFileSync(path.resolve(__dirname + "../..", 'certificate.pem'))],
       sasl: {enabled:true},
       container_id: "testcontId",
       sasl_mechanism: ["XOAUTH2"]
    }
    this.container = create_container(options);
    this.connection = this.container.connect(options);
    


    Thanks,

Answers

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 889 admin

    Hi @prashantk2000,

    Looking at the docs this should definitely be possible.

    A few questions/notes:

    1. "admin" is usually the default management username and can not send messages. So you'll just want to verify you're using a client-username and not a management one.
    2. Where did you see to add the "admin: + token.access_token"@" into the URL? I didn't see that in the docs. (It might be correct - I'm honestly not sure)
    3. Can you share what error you get?

    Hope that helps,

    Marc

  • prashantk2000
    prashantk2000 Member Posts: 29
    edited January 2023 #4

    Hi @marc,

    I was referring to 'Provisioning & Configuration Information' for amqp under 'OAuth Authentication' for the client authentication - https://docs.solace.com/Security/Client-Authentication-Overview.htm

    As per the doc '<username> is a placeholder. The client username is derived from the access token.' I believe providing 'admin' username won't be issue. I also tried with one user created 'devuser' with access_token however it didn't work.

    I tried below sample in our env for Basic auth, which works very well

    https://tutorials.solace.dev/nodejs-amqp/persistence-with-queues/


    For error message

    let encodedAccessToken = Buffer.from(token.access_token).toString('base64');
            let uri = 'amqps://devuser:'+ encodedAccessToken +'@svc-solace-broker:5671?amqp.saslMechanisms=XOAUTH2';
            amqpClient.connect(uri).then(() => {
                // create a sender to the queue
                return amqpClient.createSender(self.queueName);
            }).then((amqpSender) => {
                self.log(`Sending message '${message}'...`);
                return amqpSender.send(message).then(() => {
                    self.log('Message sent successfully.');
                    self.exit();
                }, (error) => {
                    self.error(error);
                });
            }).error(function(err) {
                console.log("error: ", err);
            });
    


    I tried capturing the error in the error function, but it never gets called. Not sure what I am missing.

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 889 admin

    Hi @prashantk2000,

    Interesting that you're not getting an error. Best to check the docs for the amqp client api that you're using. From a quick a quick google it seems like they have a long outstanding issue in allowing you to catch the error: https://github.com/noodlefrenzy/node-amqp10/issues/342

    On the Solace side of things can you verify that you set these options up and enabled OAuth authentication on the messaging service/vpn? https://docs.solace.com/Security/Configuring-OAuth-Authorization.htm

  • prashantk2000
    prashantk2000 Member Posts: 29
    edited January 2023 #6

    Hi @marc ,

    I will check if I can catch the error.

    I already configured the OAuth on broker, and I am currently using the OAuth for MQTT and the https protocol. For the AMQP only it isn't working :(

  • prashantk2000
    prashantk2000 Member Posts: 29

    Hi @marc ,

    I see error in client application log as AmqpNotImplementedError: XOAUTH2

    and here is client object I am creating

    '''

    '''


    Error logs below, please suggest

    ''' Unhandled rejection AmqpNotImplementedError: XOAUTH2 is not a supported saslMechanism policy not yet implemented
    
    17
        at /apps/node_modules/amqp10/lib/amqp_client.js:136:15
    
    16
        at Promise._execute (/apps/node_modules/bluebird/js/release/debuggability.js:384:9)
    
    15
        at Promise._resolveFromExecutor (/apps/node_modules/bluebird/js/release/promise.js:518:18)
    
    14
        at new Promise (/apps/node_modules/bluebird/js/release/promise.js:103:10)
    
    13
        at AMQPClient.connect (/apps/node_modules/amqp10/lib/amqp_client.js:121:10)
    
    12
        at Object.QueueConsumer.self.receive (/apps/dist/services/QueueConsumer.js:101:20)
    
    11
        at /apps/dist/services/securityService.js:76:37
    
    10
        at processTicksAndRejections (internal/process/task_queues.js:95:5)
    

    '''

  • prashantk2000
    prashantk2000 Member Posts: 29
    edited January 2023 #8 Answer ✓

    Hi,

    I got the success with other lib i.e. rhea. Not sure if amqp10 lib supports or not but it is not actively maintained. Rhea lib is actively maintained and has support for OAuth2. Below is discussion in github page of Rhea lib.

    https://github.com/amqp/rhea/issues/393

    This is how I did it in Rhea lib

    const options: ContainerOptions = {
       host: 'localhost',
       port: 5671,
       username: 'devuser',
       token: token.access_token,
       id: 'testclient',
       transport: 'tls',
       ca: [fs.readFileSync(path.resolve(__dirname + "../..", 'certificate.pem'))],
       sasl: {enabled:true},
       container_id: "testcontId",
       sasl_mechanism: ["XOAUTH2"]
    }
    this.container = create_container(options);
    this.connection = this.container.connect(options);
    


    Thanks,

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 889 admin

    Thanks for the update @prashantk2000. Glad to hear you got it working and thanks for letting us know what library worked for you!