Hi Emanuele, The inability to generate the assertion will ultimately end up as a javax.security.auth.login.LoginException. The OAuth layer uses the same error handling as the other Kafka client security plugins.
Thanks, Kirk On Sat, May 3, 2025, at 6:11 AM, Emanuele Sabellico wrote: > Thanks for the KIP Kirk! I have this question: > > 1. `sasl.oauthbearer.assertion.algorithm` is used to select the JOSE > signature algorithm so it also contains the hash size. Just you have to > choose one that matches your private key algorithm, only SHA256 at the > moment. What kind of error is returned in Java client in case the > configured JOSE algorithm isn't compatible with the private key? > > Thanks! > Emanuele > > On 2025/03/14 18:51:18 Kirk True wrote: > > Hi all, > > > > I would like to start a discussion for KIP-1139: Add support for OAuth > jwt-bearer grant type: > > > > https://cwiki.apache.org/confluence/x/uIxEF > > > > The proposal is twofold: > > > > * Add support for the OAuth 2.0 JWT Bearer grant type to avoid use of > plaintext client secrets > > * Promote internal APIs for public use by this and future OAuth work > > > > Thanks! > > Kirk >
