bussin logobussin
Open App

How It Works

Bussin connects directly to Azure Service Bus from your browser, completely bypassing external proxy servers. Here are the details of how the connection model works.

Browser-Native Architecture

Bussin is served as a static single-page application. Once the static HTML and WebAssembly resources are loaded into your browser, the tool operates entirely locally in your browser's security sandbox.

AMQP over WebSockets

Standard browser security sandboxes block direct HTTP REST requests to Azure Service Bus data-plane endpoints because they lack CORS headers. Bussin bypasses this limitation by establishing direct AMQP 1.0 connections over WebSockets (`wss://.servicebus.windows.net:443/$servicebus/websocket`).

Because WebSockets are exempt from CORS restrictions, your browser can safely pipe raw messaging frames directly to the Azure broker over TLS.

Authentication & Required Permissions

Authentication is handled directly in your browser using Microsoft's official library (MSAL.js) via the standard OAuth 2.0 PKCE flow. To list namespaces and manage messages, Bussin requests two delegated scopes:

This means Bussin operates under your active identity and respects your existing Azure roles. To work with messages, ensure your account has one of these built-in roles assigned:

Visual Architecture Flow

This flow diagram shows how authentication, resource discovery, and messaging connections are handled entirely inside your browser's local sandbox:

Browser Sandbox (100% Client-Side) MSAL.js Engine Manages user identities and token caches Blazor WebAssembly UI Renders admin panel and namespace blades Rhea AMQP Wire Engine Pipes raw AMQP 1.0 frames Entra ID (Azure AD) OAuth 2.0 PKCE Auth Provider Azure Resource Manager (ARM) management.azure.com (CORS-REST) Azure Service Bus Data Plane Direct AMQP over WebSockets (Port 443) 1. Acquire Token 2. Return Access Token 3. List Resources (CORS REST) 4. AMQP over WebSockets (WSS)

Related Resources