Hi Ron, +1 (binding)
Thanks for the KIP! Regards, Rajini On Fri, May 4, 2018 at 4:55 AM, Ron Dagostino <rndg...@gmail.com> wrote: > Hi everyone. I would like to start the vote for KIP-255: > https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=75968876 > > This KIP proposes to add the following functionality related to > SASL/OAUTHBEARER: > > 1) Allow clients (both brokers when SASL/OAUTHBEARER is the inter-broker > protocol as well as non-broker clients) to flexibly retrieve an access > token from an OAuth 2 authorization server based on the declaration of a > custom login CallbackHandler implementation and have that access token > transparently and automatically transmitted to a broker for authentication. > > 2) Allow brokers to flexibly validate provided access tokens when a client > establishes a connection based on the declaration of a custom SASL Server > CallbackHandler implementation. > > 3) Provide implementations of the above retrieval and validation features > based on an unsecured JSON Web Token that function out-of-the-box with > minimal configuration required (i.e. implementations of the two types of > callback handlers mentioned above will be used by default with no need to > explicitly declare them). > > 4) Allow clients (both brokers when SASL/OAUTHBEARER is the inter-broker > protocol as well as non-broker clients) to transparently retrieve a new > access token in the background before the existing access token expires in > case the client has to open new connections. > > Thanks, > > Ron >
