What is the alternative to use instead of Basic Auth (Authorisation)?


Naseer Pasha R

Jul 31, 2023, 2:57:35 AM
to rabbitm...@googlegroups.com
We are using RabbitMQ version 3.11.0 and Erlang version 25.1 on the Windows OS.

We are using the RabbitMQ REST APIs to create dynamic shovels, to read shovel status, and to check connectivity. As per the documentation: "All URIs will serve only resources of type application/json, and will require HTTP basic authentication (using the standard RabbitMQ user database)."

Hence we are using Basic Auth. Because of this, SONAR and the security static code analyzer are reporting a security issue saying that Basic Auth should not be used, as below:
 "Use a more secure method than basic authentication."

We have referred to the article below and could not get any idea.

So please let us know: what is the alternative to use instead of Basic Auth?

--
Thanking You,
Naseer Pasha R

Michal Kuratczyk

Jul 31, 2023, 3:24:34 AM
to rabbitm...@googlegroups.com


--
Michał
RabbitMQ team

Marcial Rosales

Aug 1, 2023, 5:09:55 AM
to rabbitmq-users
Hi, you can also use TLS authentication which is explained in https://www.rabbitmq.com/access-control.html#certificate-authentication
It requires issuing X.509 certificates to all your client applications, and RabbitMQ relies on the TLS peer verification mechanism instead of credentials (username/password).

An alternative is what Michal suggested, to use OAuth2. There are lots of tutorials about it here: https://github.com/rabbitmq/rabbitmq-oauth2-tutorial