Unified Auth #38

Open
ric-evans opened this issue Mar 2, 2022 · 2 comments

ric-evans commented Mar 2, 2022

It would be nice to have some way of generating auth strings (tokens) for clients, which is agnostic of the specific backend. However, this (more than likely) may not be possible as the backend may dictate the token standard. See "Open Questions" below.

First, implement out-of-the-box auth for the rest of the implementations: https://github.com/WIPACrepo/MQClient-GCP, https://github.com/WIPACrepo/MQClient-NATS, and https://github.com/WIPACrepo/MQClient-RabbitMQ

Open Questions

  • Is there an already-unified token standard? Probably not.
  • Is it fine for the spawner process to be cognizant of its child's chosen backend?
  • Is there a way to factorize the creation of a token depending on the backend, pre-spawn? Then pass it to the child process.
  • A temptation here is to use token-indirection, via an authorized system that a client calls into (input: backend type) to receive a token specified for its backend to communicate with the queue (output: token string)--is this overkill?

Note to Self

  • Search slack for "there's been some work on integrating auth for the various mq implementations"

ric-evans added the enhancement (New feature or request) label Mar 2, 2022
ric-evans self-assigned this Mar 2, 2022

dsschult commented Mar 2, 2022

One thing to consider is that the library itself may not be the best place for this. Instead, in a larger system the raw queue might be hidden behind a service. You could then secure the service with oauth2, and it would be responsible for exchanging proper auth tokens between the raw queue and any clients. (thinking EWMS here, where there will be multiple queues and one needs to be chosen by a higher level service)

So my main goal is just being able to pass auth down to the queue, even if it is queue-specific.

@ric-evans

The rabbitmq auth will be implemented by #74
