Re: [PR] KAFKA-18847: Refactor OAuth layer to improve reusability 1/N [kafka]

Wed, 07 May 2025 15:43:06 -0700 


kirktrue commented on code in PR #19622:
URL: https://github.com/apache/kafka/pull/19622#discussion_r2078589954


##########
clients/src/main/java/org/apache/kafka/common/security/oauthbearer/OAuthBearerLoginCallbackHandler.java:
##########
@@ -179,28 +180,34 @@ public class OAuthBearerLoginCallbackHandler implements 
AuthenticateCallbackHand
 
     private Map<String, Object> moduleOptions;
 
-    private AccessTokenRetriever accessTokenRetriever;
+    private JwtRetriever jwtRetriever;
 
-    private AccessTokenValidator accessTokenValidator;
+    private JwtValidator jwtValidator;
 
     private boolean isInitialized = false;
 
     @Override
     public void configure(Map<String, ?> configs, String saslMechanism, 
List<AppConfigurationEntry> jaasConfigEntries) {
         moduleOptions = JaasOptionsUtils.getOptions(saslMechanism, 
jaasConfigEntries);
-        AccessTokenRetriever accessTokenRetriever = 
AccessTokenRetrieverFactory.create(configs, saslMechanism, moduleOptions);
-        AccessTokenValidator accessTokenValidator = 
AccessTokenValidatorFactory.create(configs, saslMechanism);
-        init(accessTokenRetriever, accessTokenValidator);
+        JwtRetriever jwtRetriever = new DefaultJwtRetriever(configs, 
saslMechanism, moduleOptions);
+        JwtValidator jwtValidator = new DefaultJwtValidator(configs, 
saslMechanism);
+        init(jwtRetriever, jwtValidator);
     }
 
-    public void init(AccessTokenRetriever accessTokenRetriever, 
AccessTokenValidator accessTokenValidator) {
-        this.accessTokenRetriever = accessTokenRetriever;
-        this.accessTokenValidator = accessTokenValidator;
+    public void init(JwtRetriever jwtRetriever, JwtValidator jwtValidator) {

Review Comment:
   > So I would say that having this init public is what's wrong in the first 
place?
   
   This method is only `public` by virtue of the awkwardness of the unit tests. 
I'd prefer to make the `init()` method package `protected`, or just remove it 
altogether. The existence of `init()` was not mentioned in the previous `KIP` 
([KIP-768](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=186877575)),
 so my thought is that it can be changed without updating the KIP.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to