Hi folks, I tried to authenticate a qpid-cpp client using XOAUTH2 SASL mechanism agains Qpid Broker-J but it did not work for me.
I assumed that cyrus-sasl-xoauth2 ( https://github.com/moriyoshi/cyrus-sasl-xoauth2.git) might work with qpid-cpp client as its SASL layer is built on top of cyrus-sals. Thus, I built cyrus-sasl-xoauth2 from sources and installed it on my fedora 33 into /usr/lib/sasl2. I tried to run client example hello_world using export QPID_SSL_CERT_DB=sql:./nssdb export LD_LIBRARY_PATH=/usr/lib/sasl2:. export QPID_LOG_ENABLE="trace+" ./examples/messaging/hello_world localhost:5671 'test;{create:always}' '{username:<user id>,password:<access_token>,transport:ssl}' In the above, i specified my id and access token under <user id> and <access_token> respectively. An authentication had failed for me with the following trace logs: 2020-12-29 19:24:45 [Security] debug SslConnector created for 0-10 2020-12-29 19:24:45 [System] info Connecting: 192.168.1.102:5671 2020-12-29 19:24:45 [Client] debug RECV [[192.168.1.102:desktop:5671]]: INIT(0-10) 2020-12-29 19:24:45 [Security] trace RECV [[192.168.1.102:desktop:5671]]: Frame[BEbe; channel=0; {ConnectionStartBody: server-properties={product:V2:7:str16(unknown),qpid.build:V2:7:str16(unknown),qpid.features:[{V2:17:str16(qpid.jms-selector)}]list([{V2:17:str16(qpid.jms-selector)}]),qpid.federation_tag:V2:36:str16(d00c463d-05b4-4f9b-9926-03229b53c8b9),qpid.instance_name:V2:6:str16(Broker),qpid.message_compression_supported:V2:4:str16(true),qpid.queue_lifetime_supported:V2:4:str16(true),qpid.virtualhost_properties_supported:V2:4:str16(true),version:V2:14:str16(9.0.0-SNAPSHOT)}; mechanisms=str16{V2:7:str16(XOAUTH2)}; locales=str16{V2:5:str16(en_US)}; }] 2020-12-29 19:24:45 [Security] debug CyrusSasl::start(XOAUTH2) 2020-12-29 19:24:45 [Security] debug external SSF detected and set to 128 2020-12-29 19:24:45 [Security] debug min_ssf: 0, max_ssf: 256 2020-12-29 19:24:45 [System] debug Exception constructed: Can't authenticate using XOAUTH2 2020-12-29 19:24:45 [Client] warning Closing connection due to Can't authenticate using XOAUTH2 2020-12-29 19:24:45 [Security] trace SENT [[192.168.1.102:desktop:5671]]: Frame[BEbe; channel=0; {ConnectionCloseBody: reply-code=501; reply-text=Can't authenticate using XOAUTH2; }] 2020-12-29 19:24:45 [Security] trace RECV [[192.168.1.102:desktop:5671]]: Frame[BEbe; channel=0; {ConnectionCloseOkBody: }] 2020-12-29 19:24:45 [System] debug Exception constructed: Can't authenticate using XOAUTH2 It seems that XOAUTH2 SASL authentication might not be supported, unless I am doing something wrong... Is there any way to make XOAUTH2 authentication working with a qpid-cpp client? Kind Regards, Alex
