Configuring OAuth Authorization
Solace PubSub+ event brokers support two different types of OAuth tokens: access_token and id_token. The OAuth standards state that the access_token is required and is opaque data and that the id_token is optional and is a JSON Web Token (JWT). PubSub+ event brokers permit both types of tokens and also allow the access_token to be a JWT.
JWTs can be cryptographically signed. PubSub+ event brokers support JWTs with the alg claim (a header parameter value) equal to: ES512. If the alg claim is anything else, it is rejected as an invalid token. If the header includes a type claim, it must identify the payload as JWT (this corresponds to the typ claim in the JWT header).
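The header rules above can be checked on the client side before a token is presented to the broker. The following is an added example, not Solace code: it decodes the JWT header and applies an alg allow-list and the typ rule, without verifying the signature. The function names, the allow-list contents beyond ES512, and the case-insensitive typ comparison are assumptions.

```python
import base64
import json

# Assumption: ES512 is the only alg value visible on this page; add others
# only if your broker release's documentation lists them.
ALLOWED_ALGS = frozenset({"ES512"})

class TokenRejected(ValueError):
    """The token's JOSE header failed the pre-flight checks."""

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore padding, decode strictly.
    padded = segment + "=" * (-len(segment) % 4)
    return base64.b64decode(padded, altchars=b"-_", validate=True)

def check_jwt_header(token: str) -> dict:
    """Return the decoded header, or raise TokenRejected. No signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("not a signed compact JWT (opaque token?)")
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise TokenRejected(f"undecodable header: {exc}") from exc
    if not isinstance(header, dict):
        raise TokenRejected("header is not a JSON object")
    alg = header.get("alg")
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise TokenRejected(f"alg {alg!r} is not on the allow-list")
    typ = header.get("typ")
    # Assumption: typ is compared case-insensitively, as media types are.
    if typ is not None and (not isinstance(typ, str) or typ.upper() != "JWT"):
        raise TokenRejected(f"typ {typ!r} does not identify a JWT")
    return header

def make_sample_token(header: dict) -> str:
    # Constructed sample: chosen header, dummy payload, dummy signature.
    def enc(raw: bytes) -> str:
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc(json.dumps(header).encode()), enc(b'{"sub":"demo"}'), enc(b"sig")])

if __name__ == "__main__":
    for hdr in ({"alg": "ES512", "typ": "JWT"}, {"alg": "none"}, {"alg": "ES512", "typ": "JWE"}):
        try:
            print("accepted", check_jwt_header(make_sample_token(hdr)))
        except TokenRejected as err:
            print("rejected", hdr, "->", err)
```

A token that passes this check has only a well-formed, acceptable header; its signature and claims still have to be validated against the keys configured in the OAuth profile.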
To implement OAuth authorization for clients connecting to a PubSub+ event broker, the following configurations are required on the event broker:
- An OAuth profile must be configured and enabled for OAuth authentication. See Managing Message VPN OAuth Profiles.
- The source used to determine the authorization group must be configured. See Authorization Groups Claim.
- An authorization group must be configured and enabled on the event broker. See Configuring Authorization Groups.