[jira] [Commented] (KAFKA-7169) Add support for Custom SASL extensions in OAuth authentication

Tue, 17 Jul 2018 14:30:18 -0700 


    [ 
https://issues.apache.org/jira/browse/KAFKA-7169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16547125#comment-16547125
 ] 

ASF GitHub Bot commented on KAFKA-7169:
---------------------------------------

stanislavkozlovski opened a new pull request #5379: KAFKA-7169: Custom SASL 
extensions for OAuthBearer authentication mechanism
URL: https://github.com/apache/kafka/pull/5379
 
 
   * Create new more-general `SaslExtensions` class. Have `ScramExtensions` 
extend it.
   * Create new more-general `SaslExtensionsCallback` class. Have 
`ScramExtensionsCallback` extend it for backwards-compatibility. Mark 
`ScramExtensionsCallback` as deprecated
   * Call callbackHandler with `SaslExtensionsCallback` in `OAuthBearerClient` 
to populate extensions and attach extensions to request message
   * Parse extensions in `OAuthBearerServer` and expose them via 
`OAuthBearerServer#getNegotiatedProperty()` such that principals have access to 
them through `SaslAuthorizationContext`

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Add support for Custom SASL extensions in OAuth authentication
> --------------------------------------------------------------
>
>                 Key: KAFKA-7169
>                 URL: https://issues.apache.org/jira/browse/KAFKA-7169
>             Project: Kafka
>          Issue Type: Improvement
>            Reporter: Stanislav Kozlovski
>            Assignee: Stanislav Kozlovski
>            Priority: Minor
>
> KIP: 
> [here|https://cwiki.apache.org/confluence/display/KAFKA/KIP-342%3A+Add+support+for+Custom+SASL+extensions+in+OAuth+authentication]
> Kafka currently supports non-configurable SASL extensions in its SCRAM 
> authentication protocol for delegation token validation. It would be useful 
> to provide configurable SASL extensions for the OAuthBearer authentication 
> mechanism as well, such that clients could attach arbitrary data for the 
> principal authenticating into Kafka. This way, a custom principal can hold 
> information derived from the authentication mechanism, which could prove 
> useful for better tracing and troubleshooting, for example. This can be done 
> in a way which allows for easier extendability in future SASL mechanisms.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to