Closed michaelklishin closed 5 years ago
I have considered making the new function return a connection.update-secret-ok
instance but it carries no useful information to the client (simply confirms a success). So I went with returning an ok
and making connection-to-channel propagation entirely asynchronous. This can be changed if consistency is important here. @acogoluegnes @dumbbell @kjnilsson any objections to this choice?
I hope at some point token renewal can be performed by the library, much like what we are doing with the Java client for the initial 3.8 release.
Also note that in case of an error, we consider it to be a connection-level (unrecoverable) exception because that's how all connection.*
class methods operate at the moment. So errors are communicated asynchronously as well and not in the return value. https://github.com/rabbitmq/rabbitmq-auth-backend-oauth2/pull/29 contains integration tests.
This introduces support for a new AMQP 0-9-1 extension,
connection.update-secret
, which is used to update authZ backend state when it can expire. Specifically we want to support client-driven JWT/OAuth 2 access token "renewal" without reconnection.See https://github.com/rabbitmq/rabbitmq-auth-backend-oauth2/issues/28 for background.