pulsar-jms icon indicating copy to clipboard operation
pulsar-jms copied to clipboard

Published 20 hours ago verified publisher icon datastax

Support OAuth2 client authentication while using ConnectionFactory#createConnection(username/password)

Open eolivelli opened this issue 2 years ago • 1 comments

Pulsar client supports OAuth2 client authentication https://pulsar.apache.org/docs/security-oauth2/

and you can already use it by configuring the PulsarConnectionFactory via authPlugin and authParams.

but there is a request to support it while using ConnectionFactory#createConnection(username/password).

the most straight forward way of mapping OAuth2 client credentials is to map:

  • username -> client_id
  • password -> client_secret

and leave all the other parameters to be set in the ConnectionFactory configuration:

  • jms.oauth2.issuerUrl
  • jms.oauth2.audience
  • jms.oauth2.scope
  • jms.oauth2. client_email

The JMS client will create the "credentials" to be passed to the the AuthenticationFactoryOAuth2.clientCredentials method

eolivelli avatar Jul 08 '22 13:07 eolivelli

@eolivelli - yes, I think these configuration options make sense. The scope, audience, and client_email are optional for some identity providers, so we'll want to treat the as optional.

michaeljmarshall avatar Jul 08 '22 16:07 michaeljmarshall