rabbitmq / rabbitmq-auth-backend-http

HTTP-based authorisation and authentication for RabbitMQ

Periodically check user credentials #90

Closed Sam89Jha closed 5 years ago

Sam89Jha commented 5 years ago

I don't find a way to check users periodically from the auth plugin.

Scenario: a user connects to RabbitMQ and the auth plugin gets the call for check_user only at the time of connection, but what if the user is no longer available in the system after the connection, or some permission has been removed/modified? Is there any inbuilt way in RabbitMQ to have a periodic call to check the user every configurable number of seconds/minutes/hours, etc.?

michaelklishin commented 5 years ago

Thank you for your time.

Team RabbitMQ uses GitHub issues for specific actionable items engineers can work on. GitHub issues are not used for questions, investigations, root cause analysis, discussions of potential issues, etc (as defined by this team).

We get at least a dozen questions through various venues every single day, often light on details. At that rate GitHub issues can very quickly turn into something impossible to navigate and make sense of even for our team. Because GitHub is a tool our team uses heavily nearly every day, the signal/noise ratio of issues is something we care about a lot.

Please post this to rabbitmq-users.

Thank you.

michaelklishin commented 5 years ago

When a user is deleted, all of its connections will be closed (as of 3.7.0). Same for the virtual host. There are no "reauthentication" events regardless of what plugin is used. If you want to remove a user from the system with an older version, remove its permissions first and clients will notice as any operations they attempt will begin failing.

rabbitmq-auth-backend-oauth2 (targeting RabbitMQ 3.8) will have expiring credentials because JWT tokens expire and must be checked at certain points. Implementations are not required to do this at timed intervals, however.

michaelklishin commented 5 years ago

When a permission has been modified, it should be communicated via check_resource_access/3 (or, with this specific plugin, the resource access endpoint), not via reauthentication. Authentication is not the same thing as authorization.
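To illustrate the split described in this thread (the user endpoint is consulted once at connection time, the resource endpoint on every operation), here is an added example of a minimal HTTP backend in the style this plugin talks to; it is not part of the issue or of the plugin's own code. The endpoint paths, the user store and the permission table are constructed assumptions (the real paths are whatever `user_path`/`resource_path` are configured to); the "allow"/"deny" response body convention is the plugin's own.

```python
# Added example: a toy rabbitmq-auth-backend-http style backend.
# USERS and PERMS are constructed sample data, not real credentials.
import re
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

USERS = {"alice": "s3cret"}  # constructed sample credential
# (username, vhost) -> {permission: anchored regex}, like RabbitMQ's own
# configure/write/read permission regexes
PERMS = {("alice", "/"): {"configure": r".*", "write": r".*", "read": r".*"}}


def check_user(username: str, password: str) -> str:
    """User endpoint: the broker calls this only when a connection is opened."""
    return "allow" if USERS.get(username) == password else "deny"


def check_resource(username: str, vhost: str, resource: str,
                   name: str, permission: str) -> str:
    """Resource endpoint: called on every exchange/queue operation, so a
    change to PERMS is observed on the next operation without reauthentication."""
    pattern = PERMS.get((username, vhost), {}).get(permission)
    if pattern is None or re.fullmatch(pattern, name) is None:
        return "deny"
    return "allow"


def revoke_permissions(username: str, vhost: str) -> None:
    """Remove a user's permissions: existing connections stay open, but
    their subsequent operations start being denied."""
    PERMS.pop((username, vhost), None)


class AuthHandler(BaseHTTPRequestHandler):
    """Answers 200 with body 'allow' or 'deny', as the plugin expects."""
    def do_GET(self) -> None:
        url = urlparse(self.path)
        q = {k: v[0] for k, v in parse_qs(url.query).items()}
        if url.path == "/auth/user":            # assumed user_path
            body = check_user(q.get("username", ""), q.get("password", ""))
        elif url.path == "/auth/resource":      # assumed resource_path
            body = check_resource(q.get("username", ""), q.get("vhost", ""),
                                  q.get("resource", ""), q.get("name", ""),
                                  q.get("permission", ""))
        else:
            body = "deny"  # vhost/topic endpoints are out of scope here
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(body.encode())


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8000), AuthHandler).serve_forever()
```

After `revoke_permissions`, `check_user` still answers "allow" for the same credentials, which is exactly why a revoked permission must be surfaced through the resource access check rather than by re-running authentication.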