How to use/ enable oAuth2 in spring cloud stream to connect to Solace broker ?

I have implemented spring cloud solace binder to consume messages from Solace Queue.

I am using Azure OAuth and registered the app as well as enabled OAuth on the solace broker.

I am having hard time finding Oauth properties to connect to solace binder.

Referred to various dev tutorials and could only find below properties with basic auth.

binders:
  local-solace:
    type: solace
      environment:
         solace:
           java:
             host: tcp://localhost:55555
             msgVpn: default
             clientUsername: default
             clientPassword: default


Answers

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 889 admin

    Hi @chatumoh,

    Solace's Spring Cloud Stream binder uses our Spring Boot JCSMP starter to connect to the broker so you can set any properties defined here: https://github.com/SolaceProducts/solace-spring-boot/tree/master/solace-spring-boot-starters/solace-java-spring-boot-starter#updating-your-application-properties

    In the case of OAUTH you'll want to set JCSMPProperties.AUTHENTICATION_SCHEME to JCSMPProperties.AUTHENTICATION_SCHEME_OAUTH, JCSMPProperties.OAUTH2_ACCESS_TOKEN, and JCSMPProperties.OAUTH2_ISSUER_IDENTIFIER.  which can all be set under solace.java.apiProperties.


    Hope that helps!

  • chatumoh
    chatumoh Member Posts: 7
    edited April 2023 #3

    @marc I did explore JCSMPProperties and added to my project under solace.java.apiProperties.

    I see JCSMPProperties.OAUTH2_ACCESS_TOKEN expects the token value when i set  JCSMPProperties.AUTHENTICATION_SCHEME to AUTHENTICATION_SCHEME_OAUTH2 retrieved from token endpoint from auth provider which is Azure in my case.

    But i am wondering if sessionHandling i.e. injecting new access token and requesting one when expired would be implicitly handled by SpringJCSMPFactory once client / solace consumer is connected to binder Or how do i manage it on my own in the app?

    Also,  JCSMPProperties.AUTHENTICATION_SCHEME: AUTHENTICATION_SCHEME_OAUTH2 is only supported since v3.4 & i am getting error that AUTHENTICATION_SCHEME_BASIC, AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE,AUTHENTICATION_SCHEME_GSS_KRB" are only supported schemes for solace binder versions lower than v3.4. How can i connect to solace binder with Oauth2 for lower version e.g. v3.2