Request for support of SASL MSSBCBS

[anthonyvercolano]

We (the Azure IoT SDK) team would like to see support for the SASL MSSBCBS protocol. There is a specification for this in

However for amqp10 there isn't much to do. The mechanics of the utilizing MSSBCBS are handled above amqp10. What would be needed, I believe, is the ability for the application to configure the client to prefer MSSBCBS if amqp10 is presented with a SASL frame during connection time.

If the application wants to use MSSBCBS then the application will NOT be providing ANY authentication information to amqp10.

[mbroadst]

From what I can tell this would appear to require some refactoring of our SASL code, which was already showing its age when @dnwe had to work with it a few weeks ago.

If I'm not mistaken the refactor would basically require:

• splitting the existing sasl.js into "SASL plugins"
• pass the AMQPClient to the plugin's negotiate method
  • this allows the plugin to maintain extra state using the client, in the case of MSSBCBS this would entail creating the two requisite CBS links and sending any initial data there

From then on, you would be able to reference the links on the client itself and perhaps as children of the attached sasl plugin instance. I think that would handle the link side of the equation, but it remains to be seen what other requirements there are in terms of providing some user api for exchanging tokens (or if tokens need to be attached to messages, etc)

[anthonyvercolano]

There is a current c implementation in the Azure uAMQP where essentially a CBS object is provided by uAMQP. The cbs object is maintained by uAMQP. It provides as part of its interface a method to be handed a new sas token and it takes care of putting the token and processing the response. Callbacks are used to provide the status to the application (in this case the iot sdk. I just wasn't sure that this level of code was something that was desired in amqp10