kafka icon indicating copy to clipboard operation
kafka copied to clipboard

Published 20 hours ago verified publisher icon apache

KAFKA-15878: KIP-768 - Extend support for opaque (i.e. non-JWT) tokens in SASL/OAUTHBEARER

Open jcme opened this issue 1 year ago • 3 comments

Overview

  • This change pertains to SASL/OAUTHBEARER mechanism of Kafka authentication.
  • Kafka clients can use SASL/OAUTHBEARER mechanism by overriding the custom call back handlers .
  • KIP-768 available from v3.1 further extends the mechanism with a production grade implementation.
  • Kafka's SASL/OAUTHBEARER mechanism currently rejects the non-JWT (i.e. opaque) tokens. This is because of a more restrictive set of characters than what RFC-6750 recommends.
  • This JIRA can be considered an extension of KIP-768 to support the opaque tokens as well apart from the JWT tokens.

Solution

  • Have updated the regex in the the offending class to be compliant with the RFC-6750
  • Have provided a supporting test case that includes the possible character set defined in RFC-6750

jcme avatar Nov 22 '23 12:11 jcme

@jcme—I wrote and implemented KIP-768, so I'll take a look at this.

Also, are you able to assign the Jira to yourself? Thanks!

kirktrue avatar Jan 16 '24 18:01 kirktrue

@jcme—Can you trigger a rebuild of the CI job? It looks like the last run didn't work.

kirktrue avatar Jan 17 '24 18:01 kirktrue

@jcme Thanks for the PR. Can you pls rebase the PR to latest trunk?

omkreddy avatar Feb 24 '24 18:02 omkreddy

Thanks very much @kirktrue, @omkreddy for reviewing the PR. Could you help with merging the PR please?

philomathanuj avatar Mar 01 '24 19:03 philomathanuj