rabbitmq / rabbitmq-oauth2-tutorial

Explore integration of RabbitMQ with Oauth 2.0 auth backend plugin

Can't login to rabbitmq #42

Open mdrio opened 3 days ago

mdrio commented 3 days ago

Hi, I am trying to configure oauth2 on rabbitmq with keycloak as token issuer. I am following this tutorial. Anyway, I am having some trouble, failing to log in using both the management API and the pika example.

The management API stdout:

+ CLIENT_ID=mgt_api_client
+ CLIENT_SECRET=LWOuYqJ8gjKg3D2U8CJZDuID3KiRZVDa
+ REALM=test
+ URL=https://localhost:8443/realms/test/protocol/openid-connect/token
++ curl -k https://localhost:8443/realms/test/protocol/openid-connect/token --silent --location --request POST --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode client_id=mgt_api_client --data-urlencode client_secret=LWOuYqJ8gjKg3D2U8CJZDuID3KiRZVDa --data-urlencode grant_type=client_credentials
+ TOKEN='{"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJHbmwyWmxiUmgzckFyNld5bWM5ODhfNWNZN1Q1R3VlUGQ1ZHBKbFhESlVrIn0.eyJleHAiOjE3MzIwMzM4OTUsImlhdCI6MTczMjAzMzU5NSwianRp
IjoiZWU4NjdkYTgtMTM5ZC00NDJlLWFiNDMtNGM2M2E1YzEyZTc3IiwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6ODQ0My9yZWFsbXMvdGVzdCIsImF1ZCI6InJhYmJpdG1xIiwic3ViIjoiMmUzNDllNTUtOGMyZi00NDYxLWI0NGYtMjk3N2QzYjExM2
YzIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoibWd0X2FwaV9jbGllbnQiLCJzY29wZSI6ImVtYWlsIHJhYmJpdG1xLnRhZzphZG1pbmlzdHJhdG9yIiwiY2xpZW50SWQiOiJtZ3RfYXBpX2NsaWVudCIsImNsaWVudEhvc3QiOiIxOTIuMTY4LjgwLjEiLCJl
bWFpbF92ZXJpZmllZCI6ZmFsc2UsImNsaWVudEFkZHJlc3MiOiIxOTIuMTY4LjgwLjEifQ.ZlQ-TTjvW1AuldIg8uAzk8xwBAVuYGTYE6AoieYpCQZHt1Sp8n6CshlOeyS7e-dg6y1McD9pz-rDt3CZXSdAgF1Jyj3Kakk15aal6Rn2zcuMmZBrr1uiRb7
QmZHBI-viAXFoXdWsmNft7J1X0iKBnXRBJFnBVcm61mf6VmPOHFhnSmjeNg9xbh-nr0BADCe1x7W0RnKlsuZyaajy1zUoVC_lFsNFJHqKEqoqaMhlrxEFof_66Z4qx85NU8xDca5NyUbokVGKq_hWb76KgYjLNmpFHqqlRIkURtI0CDmDlCYoBDopmMHEW
O507Tx2dDvTNdjVPfDNSR5RNKAWJ3DBIQ","expires_in":300,"refresh_expires_in":0,"token_type":"Bearer","not-before-policy":0,"scope":"email rabbitmq.tag:administrator"}'
+ jq -r .access_token
{"error":"not_authorized","reason":"Not_Authorized"}⏎                                                                                                                                         

With this related line in the rabbitmq logs:

2024-11-19 16:26:35.554287+00:00 [warning] <0.903.0> HTTP access denied: user '' - invalid credentials

While the pika example exits with:

python pika-client/producer.py producer kbOFBXI9tANgKUq8vXHLhT6YhbivgXxn
pika version: 1.3.2
Traceback (most recent call last):
  File "/home/mauro/projects/rabbitmq-oauth2-tutorial/pika-client/producer.py", line 25, in <module>
    connection = pika.BlockingConnection(pika.ConnectionParameters(
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/mauro/projects/rabbitmq-oauth2-tutorial/venv/lib/python3.12/site-packages/pika/adapters/blocking_connection.py", line 360, in __init__
    self._impl = self._create_connection(parameters, _impl_class)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/mauro/projects/rabbitmq-oauth2-tutorial/venv/lib/python3.12/site-packages/pika/adapters/blocking_connection.py", line 451, in _create_connection
    raise self._reap_last_connection_workflow_error(error)
pika.exceptions.ProbableAuthenticationError: ConnectionClosedByBroker: (403) 'ACCESS_REFUSED - Login was refused using authentication mechanism PLAIN. For details see the broker logfile.'

With this rabbitmq log:

2024-11-19 16:30:17.566967+00:00 [info] <0.920.0> accepting AMQP connection 192.168.80.1:35990 -> 192.168.80.3:5672
2024-11-19 16:30:17.571156+00:00 [error] <0.920.0> Error on AMQP connection <0.920.0> (192.168.80.1:35990 -> 192.168.80.3:5672, state: starting):
2024-11-19 16:30:17.571156+00:00 [error] <0.920.0> PLAIN login refused: user '' - invalid credentials
2024-11-19 16:30:17.573430+00:00 [info] <0.920.0> closing AMQP connection (192.168.80.1:35990 -> 192.168.80.3:5672, duration: '7ms')

Reproduction steps

  1. add "localhost keycloak rabbitmq" to /etc/hosts
  2. make start-keycloak
  3. export MODE=keycloak make start-rabbitmq
  4. make curl-keycloak url=http://localhost:15672/api/overview client_id=mgt_api_client secret=LWOuYqJ8gjKg3D2U8CJZDuID3KiRZVDa
    1. python3 --version
       pip install pika
       pip install requests
       python3 pika-client/producer.py producer kbOFBXI9tANgKUq8vXHLhT6YhbivgXxn

Expected behavior

Both the management API call and the pika one should log in and exit without errors.

Additional context

No response
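
A triage sketch for a refused token like the one in this report (an added example, not part of the issue or the tutorial's code): it decodes the JWT payload without verifying the signature and lists claim mismatches that can make the broker's OAuth 2.0 backend refuse a token. Assumptions: the broker's `resource_server_id` is `rabbitmq`, the scope prefix is the plugin default `<resource_server_id>.`, and the sample tokens are constructed and unsigned; `triage` and `make_sample` are hypothetical helper names.

```python
import base64
import json

def b64url_decode(part: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def decode_claims(token: str) -> dict:
    # Decodes the payload only. The signature is NOT verified here, so use
    # this for troubleshooting, never for an authorization decision.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated parts")
    return json.loads(b64url_decode(parts[1]))

def triage(claims: dict, resource_server_id: str, now: float) -> list:
    """Return the reasons a broker could refuse a token with these claims."""
    problems = []
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if resource_server_id not in aud:
        problems.append(f"aud {aud} lacks {resource_server_id!r}")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    scope = claims.get("scope", "")
    scopes = scope.split() if isinstance(scope, str) else list(scope)
    prefix = resource_server_id + "."  # assumed default scope prefix
    if not any(s.startswith(prefix) for s in scopes):
        problems.append(f"no scope with prefix {prefix!r}")
    return problems

def make_sample(claims: dict) -> str:
    # Constructed, unsigned token for the demo; not the token from the report.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

# Constructed sample claims; the scope string mirrors the one in the report.
good = make_sample({"aud": "rabbitmq", "exp": 2000,
                    "scope": "email rabbitmq.tag:administrator"})
bad = make_sample({"aud": "account", "exp": 2000, "scope": "email"})

if __name__ == "__main__":
    for name, tok in (("good", good), ("bad", bad)):
        print(name, triage(decode_claims(tok), "rabbitmq", now=1000))
```

An empty result only rules out claim-level causes; the broker must also have the OAuth 2.0 backend enabled and be able to validate the token's signature.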