Details
Improvement
Status: Closed
Major
Resolution: Implemented
qpid-java-broker-9.0.0
None
Description
Some modern authentication options (XOAUTH2 + JWT) require frames larger than 4096. Consider if the max frame size (before an Open frame negotiation) should be larger or should be configurable with some sort of configuration or env variable.
From a discussion on the mailing list:
The SASL process occurs first, before the Open frame. The Open frames
are what carry each peer's advertised max frame size, mainly aimed at
later message deliveries. The AMQP 1.0 spec defines before this
however that the SASL frames can be at most the 'min max frame size',
which is fixed at 512 bytes, with no way to negotiate anything larger.

As you can probably tell, that presents a problem if things in the
SASL negotiation want to be larger, such as is likely in e.g. a newer
XOAUTH2 mechanism that didn't exist when that decision was originally
made.

To simply allow some of these newer alternative mechs to work, it was
decided to just allow things to exceed the 512 byte limit since both
sides would have to already agree on using a given mech to begin with,
so doing an alternative like creating a custom multi-challenge
batching sequence to shuffle the bytes wasn't really going to be adding
much except significant complexity.

It appears broker-j allows up to 4096, and you have now found
something to exceed even that. It doesn't look like it allows
configuring it, but increasing that seems to be the only option that
would help here.
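
As an added illustration (not code from this issue, the mailing list post or Broker-J): the sketch below encodes an XOAUTH2 `sasl-init` frame and applies a receiver-side size check at the 512-byte spec limit, the 4096 bytes the post reports for Broker-J, and a hypothetical configured limit of 16384. The token is constructed filler and all function names are assumptions; the limit matters because it bounds what a peer can make the broker buffer before authentication completes.

```python
import struct

SPEC_MIN_MAX_FRAME_SIZE = 512    # AMQP 1.0 limit for SASL frames
BROKER_J_PRE_OPEN_LIMIT = 4096   # limit the quoted post reports for Broker-J
HYPOTHETICAL_CONFIGURED = 16384  # assumed operator-chosen value, not a real default
SASL_FRAME_TYPE = 0x01

def xoauth2_initial_response(user: str, token: str) -> bytes:
    """XOAUTH2 client response: user=<user>^Aauth=Bearer <token>^A^A."""
    return f"user={user}\x01auth=Bearer {token}\x01\x01".encode()

def sasl_init_frame(mechanism: str, response: bytes) -> bytes:
    """Encode a sasl-init performative (descriptor 0x41) as one SASL frame."""
    mech = mechanism.encode("ascii")
    fields = bytes([0xA3, len(mech)]) + mech                          # sym8
    fields += b"\xB0" + struct.pack(">I", len(response)) + response   # vbin32
    # Described type, smallulong descriptor 0x41, list32 with two fields.
    body = b"\x00\x53\x41\xD0" + struct.pack(">II", len(fields) + 4, 2) + fields
    # Header: SIZE (whole frame), DOFF=2 (8-byte header), TYPE, 2 ignored bytes.
    return struct.pack(">IBBH", 8 + len(body), 2, SASL_FRAME_TYPE, 0) + body

def check_pre_open_header(header: bytes, limit: int) -> int:
    """Validate the 8-byte header before buffering any body; return SIZE."""
    if len(header) < 8:
        raise ValueError("short header")
    size, doff, ftype, _ = struct.unpack(">IBBH", header[:8])
    if ftype != SASL_FRAME_TYPE:
        raise ValueError("not a SASL frame")
    if doff < 2 or size < doff * 4:
        raise ValueError("malformed header")
    if size > limit:
        raise ValueError(f"frame of {size} bytes exceeds pre-Open limit {limit}")
    return size

def accepted(frame: bytes, limit: int) -> bool:
    try:
        check_pre_open_header(frame[:8], limit)
        return True
    except ValueError:
        return False

# Constructed sample: JWT-shaped bearer token of about 5 KB (filler, not a real token).
SAMPLE_TOKEN = ".".join(["eyJ" + "A" * 200, "eyJ" + "B" * 4600, "C" * 342])
SAMPLE_FRAME = sasl_init_frame(
    "XOAUTH2", xoauth2_initial_response("svc@example.test", SAMPLE_TOKEN))

if __name__ == "__main__":
    for limit in (SPEC_MIN_MAX_FRAME_SIZE, BROKER_J_PRE_OPEN_LIMIT, HYPOTHETICAL_CONFIGURED):
        print(limit, len(SAMPLE_FRAME), accepted(SAMPLE_FRAME, limit))
```

The check reads only the fixed 8-byte header, so an oversized frame is refused before any of its body is allocated or read.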