
How to set oauthbearer.sub.claim.name for OIDC/oauth

Open edriscoll-softheon opened this issue 7 months ago • 0 comments

Hello,

I am using the librdkafka (Confluent.Kafka 2.5.2) libraries to connect to a Kafka cluster.

However, the Kafka cluster we are attempting to connect to has configured an OIDC authentication method, and set the oauthbearer.sub.claim.name to "client_id".

I have not been able to find a way to set this value on a client (consumer or producer) in order to get past the following error:

09:22:07.4063|ERROR||Client: rdkafka#producer-1, , Message: [thrd:background]: Failed to acquire SASL OAUTHBEARER token: Expected JSON JWT response with "sub" field|

Looked at the tokens we are getting back from their authentication system and they indeed do not have a claim for "sub".

Is there any way to configure the sasl.oauthbearer.sub.claim.name, especially without the ability to set sasl.jaas.config? I also tried setting the sasl.oauthbearer.config to 'principalClaimName=client_id' but got the same error result.

https://docs.confluent.io/platform/current/installation/configuration/consumer-configs.html#sasl-oauthbearer-sub-claim-name This document makes me feel like it should be possible, but I have not found a way to do so with the librdkafka library.

edriscoll-softheon, Mar 06 '25 14:03
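
The mismatch described in the issue (a token with no "sub" claim, while the broker reads the principal from "client_id") can be confirmed by decoding the token endpoint's response offline. This is an added example, not part of the original issue and not librdkafka or Confluent.Kafka code; the function names are hypothetical and the token response, issuer and client name are constructed sample data.

```python
import base64
import json


def decode_jwt_payload(token: str) -> dict:
    """Decode (NOT verify) the payload segment of a compact JWT."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature, got %d segment(s)" % len(parts))
    # JWT segments are unpadded base64url; restore the padding before decoding.
    payload_b64 = parts[1] + "=" * (-len(parts[1]) % 4)
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("payload is not base64url-encoded JSON: %s" % exc)
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def check_principal_claim(token_response: str, client_claim="sub", broker_claim="client_id"):
    """Report which principal claims an OAuth token endpoint response carries.

    client_claim: the claim named in the client error message in the issue.
    broker_claim: the value the issue says the broker's sub.claim.name is set to.
    """
    body = json.loads(token_response)
    claims = decode_jwt_payload(body["access_token"])
    return {
        "claims_present": sorted(claims),  # claim names only, never the raw token
        "client_claim_present": client_claim in claims,
        "broker_claim_present": broker_claim in claims,
        "broker_principal": claims.get(broker_claim),
    }


def _b64url(obj) -> str:
    """Helper for building the constructed sample token below."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample: a token response whose JWT has "client_id" but no "sub".
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"iss": "https://idp.example", "client_id": "orders-producer", "exp": 1900000000}),
    "c2lnbmF0dXJl",  # placeholder signature, not validated here
])
SAMPLE_RESPONSE = json.dumps({"access_token": SAMPLE_TOKEN, "token_type": "Bearer"})

if __name__ == "__main__":
    print(check_principal_claim(SAMPLE_RESPONSE))
```

The script only inspects claims and does not validate the signature, so it is a diagnostic for the configuration mismatch and not a substitute for token verification.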