rabbitmq · MarcialRosales · May 29, 2025 · May 29, 2025 · Jun 18, 2025 · Jun 18, 2025
diff --git a/.github/workflows/test-management-ui.yaml b/.github/workflows/test-management-ui.yaml
@@ -75,7 +75,7 @@ jobs:
       if: ${{ failure() && steps.tests.outcome == 'failed' }}
       uses: actions/[email protected]
       env: 
-          SELENIUM_ARTIFACTS: ${{ steps.run-suites.outputs.SELENIUM_ARTIFACTS }}
+          SELENIUM_ARTIFACTS: ${{ steps.tests.outputs.SELENIUM_ARTIFACTS }}
       with:
         name: test-artifacts-${{ matrix.browser }}-${{ matrix.erlang_version }}
         path: |

diff --git a/deps/oauth2_client/Makefile b/deps/oauth2_client/Makefile
@@ -2,7 +2,7 @@ PROJECT = oauth2_client
 PROJECT_DESCRIPTION = OAuth2 client from the RabbitMQ Project
 
 BUILD_DEPS = rabbit
-DEPS = rabbit_common jose
+DEPS = rabbit_common jose base64url
 TEST_DEPS = rabbitmq_ct_helpers cowboy
 LOCAL_DEPS = ssl inets crypto public_key
 

diff --git a/deps/oauth2_client/include/oauth2_client.hrl b/deps/oauth2_client/include/oauth2_client.hrl
@@ -27,6 +27,7 @@
 -define(REQUEST_CLIENT_SECRET, "client_secret").
 -define(REQUEST_SCOPE, "scope").
 -define(REQUEST_REFRESH_TOKEN, "refresh_token").
+-define(REQUEST_TOKEN, "token").
 
 % define access token response constants
 -define(BEARER_TOKEN_TYPE, <<"Bearer">>).
@@ -43,5 +44,6 @@
 -define(RESPONSE_TOKEN_ENDPOINT, <<"token_endpoint">>).
 -define(RESPONSE_AUTHORIZATION_ENDPOINT, <<"authorization_endpoint">>).
 -define(RESPONSE_END_SESSION_ENDPOINT, <<"end_session_endpoint">>).
+-define(RESPONSE_INTROSPECTION_ENDPOINT, <<"introspection_endpoint">>).
 -define(RESPONSE_JWKS_URI, <<"jwks_uri">>).
 -define(RESPONSE_TLS_OPTIONS, <<"ssl_options">>).
diff --git a/deps/oauth2_client/include/types.hrl b/deps/oauth2_client/include/types.hrl
@@ -16,7 +16,8 @@
     token_endpoint :: option(uri_string:uri_string()),
     authorization_endpoint :: option(uri_string:uri_string()),
     end_session_endpoint :: option(uri_string:uri_string()),
-    jwks_uri :: option(uri_string:uri_string())
+    jwks_uri :: option(uri_string:uri_string()),
+    introspection_endpoint :: option(uri_string:uri_string())
 }).
 -type openid_configuration() :: #openid_configuration{}.
 
@@ -28,6 +29,10 @@
     authorization_endpoint :: option(uri_string:uri_string()),
     end_session_endpoint :: option(uri_string:uri_string()),
     jwks_uri :: option(uri_string:uri_string()),
+    introspection_endpoint :: option(uri_string:uri_string()),
+    introspection_client_id :: binary() | undefined,
+    introspection_client_secret :: binary() | undefined,
+    introspection_client_auth_method :: basic | request_param | undefined,
     ssl_options :: option(list())
 }).
 
@@ -73,3 +78,29 @@
 }).
 
 -type refresh_token_request() :: #refresh_token_request{}.
+
+-record(introspect_token_request, {
+  endpoint :: option(uri_string:uri_string()),
+  client_id :: binary() | undefined,
+  client_secret :: binary() | undefined,
+  client_auth_method :: basic | request_param | undefined,
+  ssl_options :: option(list())
+}).
+
+-type introspect_token_request() :: #introspect_token_request{}.
+
+-record(unsuccessful_introspect_token_response, {
+    error :: integer(),
+    error_description :: binary() | string() | undefined
+}).
+
+-type unsuccessful_introspect_token_response() :: #unsuccessful_introspect_token_response{}.
+
+-record(signing_key, {
+    id :: string(),
+    type :: hs256 | rs256,
+    key :: option(binary()),
+    private_key :: option(binary()),
+    public_key :: option(binary())
+}).
+-type signing_key() :: #signing_key{}.