Using Issuer to receive OAuth Token Endpoint

[Lyphion]

Is your feature request related to a problem? Please describe.

To create a new RabbitMQ Connection with the OAuth2ClientBuilder it is very annoying, that I have to manually provide the TokenEndpoint of my Issuer to the Builder, instead of the Issuer itself.
An option to choose whether you provide the Issuer or the TokenEndpoint directly would help.
This feature requires that the Issuer supports OpenID Connect and the discovery page. The RabbitMQ OAuth 2.0 Authentication Backend supports OpenID Connect and the discovery endpoint.

Describe the solution you'd like

In general the TokenEndpoint used for the connection can be extracted automatically from the discovery page (when using OpenID Connect) of the Issuer (/.well-known/openid-configuration -> 'token_endpoint'-Field).
It would really help if the OAuth2ClientBuilder can accept an Issuer instead of the TokenEndpoint and load/parse the Endpoint by itself while building the client, or an separate Builder for OpenID Connect would be implemented/used.

Describe alternatives you've considered

No response

Additional context

No response

[michaelklishin]

@Lyphion would you mind providing some code examples? I find the current description too vague to be actionable => converting to a discussion.

[michaelklishin]

An option to choose whether you provide the Issuer or the TokenEndpoint directly would help

Seems to be the key part. We need some examples of what that might look like. And very likely this will only ship in 7.x.

[Lyphion]

Based on the example of the .NET/C# Client API Guide, I would prefer if I can choose between providing an Issuer or a TokenEndpoint to the OAuth2ClientBuilder. The condition is, that at least one of them is not null. The TokenEndpoint will be preferred over the Issuer.

When providing the TokenEndpoint, nothing to the current implementation will change. But when only providing the Issuer, the TokenEndpoint will be extracted when building the client, via the discovery endpoint of the Issuer (/.well-known/openid-configuration).

using System;
using RabbitMQ.Client;
using RabbitMQ.Client.OAuth2;

var issuerUri = new Uri("http://somedomain.com");

// When building check if 'tokenEndpoint' is provides, otherwise use 'issuer' to receive 'tokenEndpoint' from discovery page
var oAuth2Client = new OAuth2ClientBuilder(
    "client_id", "client_secret", 
    tokenEndpoint: null,     // <- Optional
    issuer: issuerUri        // <- Optional, Extension
).Build();

ICredentialsProvider credentialProvider = new OAuth2ClientCredentialsProvider("prod-uaa-1", oAuth2Client);

var connectionFactory = new ConnectionFactory {
    CredentialsProvider = credentialProvider
};

var connection = connectionFactory.CreateConnection();

// Do something with the connection

[michaelklishin]

@lukebakken will take a look when he is back from PTO next week.

[lukebakken]

cc @MarcialRosales

@Lyphion you probably have a much better understanding of what you need. A pull request to implement it would be greatly appreciated.

[Lyphion]

I created an initial pull request for the first look. Feedback is welcome. #1656

[MarcialRosales]

What @Lyphion suggests is the right way to do it . This is how RabbitMQ server OAuth2 authentication backend works. Since the introduction of the OpenId 's discovery endpoint, it is very rare that someone wants to manually configure the endpoints. Of course, RabbitMQ's Oauth2 authentication backend allow users statically configure their endpoints and RabbitMq will only discover any missing endpoint the user did not configure.

[lukebakken]

Fixed by #1656 - thank you @Lyphion