azure-event-hubs-for-kafka icon indicating copy to clipboard operation
azure-event-hubs-for-kafka copied to clipboard

Published 20 hours ago verified publisher icon Azure

.net core sample

Open luisedcastillo opened this issue 5 years ago • 12 comments

Description

Please, is there a way to have a .net core 3.1 guidelines? Now we want to implement Manage Identity using event hubs, but we are not able to follow your explanation because we cannot create authenticate callback.

How to reproduce

Has it worked previously?

<Is this a first attempt at getting the sample application to run, or has it worked in the past?>

Checklist

IMPORTANT: We will close issues where the checklist has not been completed or where adequate information has not been provided.

Please provide the relevant information for the following items:

  • [x] SDK Confluent's Apache Kafka .NET client V 1.3.0
  • [ ] Sample you're having trouble with: <REPLACE with e.g., Java quickstart>
  • [] If using Apache Kafka Java clients or a framework that uses Apache Kafka Java clients, version: <REPLACE with e.g., 1.1.0>
  • [ ] Kafka client configuration: <REPLACE with e.g., auto.reset.offset=earliest, ..> (do not include your connection string or SAS Key)
  • [ ] Namespace and EventHub/topic name
  • [ ] Consumer or producer failure <REPLACE with e.g., Consumer failure>
  • [ ] Timestamps in UTC <REPLACE with e.g., Nov 7 2018 - 17:15:01 UTC>
  • [ ] group.id or client.id <REPLACE with e.g., group.id=cg-name>
  • [ ] Logs provided (with debug-level logging enabled if possible, e.g. log4j.rootLogger=DEBUG) or exception call stack
  • [ ] Standalone repro <REPLACE with e.g., Willing/able to send scenario to repro issue>
  • [ ] Operating system: <REPLACE with e.g., Ubuntu 16.04.5 (x64) LTS>
  • [ ] Critical issue

If this is a question on basic functionality, please verify the following:

  • [ ] Port 9093 should not be blocked by firewall ("broker cannot be found" errors)
  • [ ] Pinging FQDN shoudl return cluster DNS resolution (e.g. $ ping namespace.servicebus.windows.net returns ~ ns-eh2-prod-am3-516.cloudapp.net [13.69.64.0])
  • [ ] Namespace should be either Standard or Dedicated tier, not Basic (TopicAuthorization errors)

luisedcastillo avatar Mar 10 '20 21:03 luisedcastillo

@serkantkaraca

arerlend avatar Mar 13 '20 23:03 arerlend

Confluent Kafka .Net client doesn't support OauthBearer yet. See active issue tracking here https://github.com/confluentinc/confluent-kafka-dotnet/issues/871

serkantkaraca avatar Mar 16 '20 20:03 serkantkaraca

confluent-kafka-dotnet now supports OAuth - they don't have samples yet, but they recommend checking out their integration tests. We will add samples to this repository soon.

https://github.com/confluentinc/confluent-kafka-dotnet/tree/master/test/Confluent.Kafka.IntegrationTests/Tests

arerlend avatar Nov 30 '20 18:11 arerlend

@arerlend : Is there any update on samples for .net core

KunalAdu avatar May 14 '21 13:05 KunalAdu

@arerlend : Do we have the sample for .net desktop app to connect to kafka using OAuth

kamleshsingh4u avatar Jun 17 '21 07:06 kamleshsingh4u

@kamleshsingh4u Confluent C# library recently provided an API for OAuthBearer auth. I am planning to add a sample soon.

serkantkaraca avatar Jun 17 '21 15:06 serkantkaraca

confluent-kafka-dotnet now supports OAuth - they don't have samples yet, but they recommend checking out their integration tests. We will add samples to this repository soon.

https://github.com/confluentinc/confluent-kafka-dotnet/tree/master/test/Confluent.Kafka.IntegrationTests/Tests

@arerlend Could you please provide the dotnet sample for OAuthBearer

kamleshsingh4u avatar Jun 25 '21 08:06 kamleshsingh4u

@arerlend @serkantkaraca : Is there any update on samples for OAuthBearer in .net ? @luisedcastillo : Did you manage to resolve this?

KunalAdu avatar Sep 07 '21 09:09 KunalAdu

Maybe this helps as a starting point:

var consumerConfig = new ConsumerConfig
{
    SaslMechanism = SaslMechanism.OAuthBearer,
    SaslOauthbearerConfig = "https://my-eventhub-namespace.servicebus.windows.net/.default"
};

using var kafkaConsumer = new ConsumerBuilder<byte[], byte[]>(consumerConfig)
            .SetOAuthBearerTokenRefreshHandler(TokenRefreshHandler)
            .Build();

[...]

private void TokenRefreshHandler(IConsumer<byte[], byte[]> consumer, string config)
{
    var credentials = new DefaultAzureCredential();
    var request = new TokenRequestContext(new[] { config });

    try
    {
        var token = credentials.GetToken(request);
        consumer.OAuthBearerSetToken(token.Token, token.ExpiresOn.ToUnixTimeMilliseconds(), "NoName");
    }
    catch (Exception e)
    {
        consumer.OAuthBearerSetTokenFailure(e.Message);
    }
}

PSanetra avatar Sep 07 '21 12:09 PSanetra

Here's a successful implementation of SASL/OAUTH OauthTokenRefreshCallback in dotnet

https://github.com/sookeke/jps-pidp/blob/dev-merge/backend/webapi/Kafka/Consumer/KafkaConsumer.cs

sookeke avatar Nov 26 '22 01:11 sookeke

@PSanetra maybe this is a dumb question, but what should be a principal, that is passed to OAuthBearerSetToken? Just "NoName"?

inikulshin avatar May 04 '23 07:05 inikulshin

@inikulshin good question. I have tried to find documentation about that parameter and looked into the librdkafka source code. As far as I see this name is just used for logging purposes and maybe as an identifier for the token, but has no further impact on the authorization or authentication mechanism.

PSanetra avatar May 04 '23 08:05 PSanetra