Hi Ron, For the password example, you could define a login CallbackHandler that processes PasswordCallback to provide passwords. We don't currently do this with PLAIN/SCRAM because login callback handlers were not configurable earlier and we haven't updated the login modules to do this. But that could be one way of providing passwords and integrating with other password sources, now that we have configurable login callback handlers. I was wondering whether similar approach could be used for the parameters that OAuth needed to obtain at runtime. We could still have this KIP with built-in substitutable types to handle common cases like getting options from a file without writing any code. But I wasn't sure if there were OAuth options that couldn't be handled as callbacks using the login callback handler.
On Thu, Apr 5, 2018 at 10:25 PM, Ron Dagostino <rndg...@gmail.com> wrote: > Hi Rajini. Thanks for the questions. I could see someone wanting to > retrieve a password from a vended password vault solution (for example); > that is the kind of scenario that the ability to add new substitutable > types would be meant for. I do still consider this KIP 269 to be a > prerequisite for the SASL/OAUTHBEARER KIP 255. I am open to a different > perspective in case I missed or misunderstood your point. > > Ron > > On Thu, Apr 5, 2018 at 8:13 AM, Rajini Sivaram <rajinisiva...@gmail.com> > wrote: > > > Hi Ron, > > > > Now that login callback handlers are configurable, is this KIP still a > > pre-req for OAuth? I was wondering whether we still need the ability to > add > > new substitutable types or whether it would be sufficient to add the > > built-in ones to read from file etc. > > > > > > On Thu, Mar 29, 2018 at 6:48 AM, Ron Dagostino <rndg...@gmail.com> > wrote: > > > > > Hi everyone. There have been no comments on this KIP, so I intend to > put > > > it to a vote next week if there are no comments that might entail > changes > > > between now and then. Please take a look in the meantime if you wish. > > > > > > Ron > > > > > > On Thu, Mar 15, 2018 at 2:36 PM, Ron Dagostino <rndg...@gmail.com> > > wrote: > > > > > > > Hi everyone. > > > > > > > > I created KIP-269: Substitution Within Configuration Values > > > > <https://cwiki.apache.org/confluence/display/KAFKA/KIP+ > > > 269+Substitution+Within+Configuration+Values> > > > > (https://cwiki.apache.org/confluence/display/KAFKA/KIP+269+ > > > > Substitution+Within+Configuration+Values > > > > <https://cwiki.apache.org/confluence/pages/viewpage. > > > action?pageId=75968876> > > > > ). > > > > > > > > This KIP proposes adding support for substitution within client JAAS > > > > configuration values for PLAIN and SCRAM-related SASL mechanisms in a > > > > backwards-compatible manner and making the functionality available to > > > other > > > > existing (or future) configuration contexts where it is deemed > > > appropriate. > > > > > > > > This KIP was extracted from (and is now a prerequisite for) KIP-255: > > > > OAuth Authentication via SASL/OAUTHBEARER > > > > <https://cwiki.apache.org/confluence/pages/viewpage. > > > action?pageId=75968876> > > > > based on discussion of that KIP. > > > > > > > > Ron > > > > > > > > > >
