search

rabbitmq / rabbitmq-stream-dotnet-client

RabbitMQ client for the stream protocol
https://rabbitmq.github.io/rabbitmq-stream-dotnet-client/stable/htmlsingle/index.html
Other
122 stars 41 forks source link

Updating SuperStream Connection Access Token #340

Closed Gsantomaggio closed 9 months ago

Gsantomaggio commented 11 months ago

Discussed in https://github.com/rabbitmq/rabbitmq-stream-dotnet-client/discussions/334

Originally posted by **lngvivek** December 13, 2023 We are using SuperStream dotnet client version 1.7.2 For Authentication with Rabbit, we are using IdenitityServer Acces Token. It works perfectly on initial connection. However once the access toke expires, we were looking for something UpdateSecret (as used to be in Queue based sdk) on Connection object so that our connection is updated with lastest Access token. Could not find any such option for updating token to RabbitMQ.Stream.Client.StreamSystem. Could anyone pls suggest on how to refresh the token?
Gsantomaggio commented 11 months ago

@simone-fariselli will follow this issue.

simone-fariselli commented 10 months ago

Hi @Gsantomaggio, I created the following method in the Client class:

internal async Task UpdateSecret()
{   
    var saslHandshakeResponse =
        await Request<SaslHandshakeRequest, SaslHandshakeResponse>(corr => new SaslHandshakeRequest(corr))
            .ConfigureAwait(false);
    _logger?.LogDebug("Sasl mechanism: {Mechanisms}", saslHandshakeResponse.Mechanisms);

    var saslData = Encoding.UTF8.GetBytes($"\0{Parameters.UserName}\0{Parameters.Password}");
    var authResponse =
        await Request<SaslAuthenticateRequest, SaslAuthenticateResponse>(corr =>
                new SaslAuthenticateRequest(corr, Parameters.AuthMechanism.ToString().ToUpperInvariant(),
                    saslData))
            .ConfigureAwait(false);
    ClientExceptions.MaybeThrowException(authResponse.ResponseCode, Parameters.UserName);
}

which should handle the change of secret (i.e of the access_token).

I get an applicative timeout and the following error log from the server:

unknown command {request,101,
                    {sasl_authenticate,<<"PLAIN">>,
                        <<0,103,117,101,115,116,0,103,117,101,115,116>>}}, sending close command.
Ignored unknown message emit_stats in state close_sent
Closing connection because of timeout in state 'close_sent' likely due to lack of client action.
unknown command {request,101,sasl_handshake}, sending close command.
Ignored unknown message emit_stats in state close_sent
Closing connection because of timeout in state 'close_sent' likely due to lack of client action.

I'm missing something.

acogoluegnes commented 10 months ago

@simone-fariselli Make sure to use 3.13 (alpha or RC). There's a test in the stream Java client suite.

The server PR that adds support to update a secret in a stream connection is in 3.13: https://github.com/rabbitmq/rabbitmq-server/pull/9187.

acogoluegnes commented 10 months ago

Note the token update should be done transparently in the background. Getting a new token (by calling a specific CredentialsProvider implementation) and updating the token should be decoupled. The design of the AMQP .NET client should be appropriate for the stream client library as well.

Gsantomaggio commented 9 months ago

dove via https://github.com/rabbitmq/rabbitmq-stream-dotnet-client/pull/342