Note that there are two clients, the user client, and the proxy client. When the original authenticate data expires, the user client cannot send a request to the proxy to find the broker URL. We haven't tests to cover this.
A simple diagram represents workflow: [image: image.png] Both connections pass the proxy client and the user client authentication data. Thanks, Zixuan Zixuan Liu <node...@gmail.com> 于2022年8月16日周二 23:02写道: > Hi all, > > Refreshing the authentication data comes from the client is important. We > have two types of authentication data, directly authentication data, and > original authentication data: > > 1. Directly authentication data > The client/proxy brings the authentication data directly connected to the > broker, which is directly authentication data. > > When the directly authentication data is expired, the broker sends the > `newAuthChallenge` command with `AuthData.REFRESH_AUTH_DATA` data to the > client to refresh the authentication data. > > 2. Original authentication data > We add a proxy between the client and the broker, both the proxy and the > client bring the authentication data to request the broker, the > authentication data from the proxy is directly authentication data, and the > authentication data from the client is original authentication data. > > The broker can refresh the directly authentication data, but when we are > using the proxy, the broker could not refresh the original > authentication data, because we haven't any action to request to refresh > the original authentication data, so we need to add an auth data const to > request to refresh the original authentication data, so like > `AuthData.REFRESH_AUTH_DATA`. > > Once most people agree with this, I'll make a PIP. > > References: > > - https://github.com/apache/pulsar/pull/13339 > - https://github.com/apache/pulsar/issues/10816 > > Thanks, > Zixuan > >