Re: [PR] KAFKA-18573: Add support for OAuth jwt-bearer grant type [kafka]

via GitHub Thu, 29 May 2025 04:40:22 -0700


omkreddy commented on code in PR #19754:
URL: https://github.com/apache/kafka/pull/19754#discussion_r2113774135



##########
clients/src/main/java/org/apache/kafka/common/config/SaslConfigs.java:
##########
@@ -215,6 +396,23 @@ public static void addClientSaslSupport(ConfigDef config) {
                 .define(SaslConfigs.SASL_LOGIN_READ_TIMEOUT_MS, 
ConfigDef.Type.INT, null, ConfigDef.Importance.LOW, 
SASL_LOGIN_READ_TIMEOUT_MS_DOC)
                 .define(SaslConfigs.SASL_LOGIN_RETRY_BACKOFF_MAX_MS, 
ConfigDef.Type.LONG, DEFAULT_SASL_LOGIN_RETRY_BACKOFF_MAX_MS, 
ConfigDef.Importance.LOW, SASL_LOGIN_RETRY_BACKOFF_MAX_MS_DOC)
                 .define(SaslConfigs.SASL_LOGIN_RETRY_BACKOFF_MS, 
ConfigDef.Type.LONG, DEFAULT_SASL_LOGIN_RETRY_BACKOFF_MS, 
ConfigDef.Importance.LOW, SASL_LOGIN_RETRY_BACKOFF_MS_DOC)
+                .define(SaslConfigs.SASL_OAUTHBEARER_JWT_RETRIEVER_CLASS, 
ConfigDef.Type.CLASS, DEFAULT_SASL_OAUTHBEARER_JWT_RETRIEVER_CLASS, 
ConfigDef.Importance.MEDIUM, SASL_OAUTHBEARER_JWT_RETRIEVER_CLASS_DOC)
+                .define(SaslConfigs.SASL_OAUTHBEARER_JWT_VALIDATOR_CLASS, 
ConfigDef.Type.CLASS, DEFAULT_CLIENT_SASL_OAUTHBEARER_JWT_VALIDATOR_CLASS, 
ConfigDef.Importance.MEDIUM, SASL_OAUTHBEARER_JWT_VALIDATOR_CLASS_DOC)
+                .define(SaslConfigs.SASL_OAUTHBEARER_GRANT_TYPE, 
ConfigDef.Type.STRING, DEFAULT_SASL_OAUTHBEARER_GRANT_TYPE, 
ConfigDef.Importance.MEDIUM, SASL_OAUTHBEARER_GRANT_TYPE_DOC)
+                .define(SaslConfigs.SASL_OAUTHBEARER_SCOPE, 
ConfigDef.Type.STRING, null, ConfigDef.Importance.MEDIUM, 
SASL_OAUTHBEARER_SCOPE_DOC)
+                
.define(SaslConfigs.SASL_OAUTHBEARER_CLIENT_CREDENTIALS_CLIENT_ID, 
ConfigDef.Type.STRING, null, ConfigDef.Importance.MEDIUM, 
SASL_OAUTHBEARER_CLIENT_CREDENTIALS_CLIENT_ID_DOC)
+                
.define(SaslConfigs.SASL_OAUTHBEARER_CLIENT_CREDENTIALS_CLIENT_SECRET, 
ConfigDef.Type.PASSWORD, null, ConfigDef.Importance.MEDIUM, 
SASL_OAUTHBEARER_CLIENT_CREDENTIALS_CLIENT_SECRET_DOC)
+                .define(SaslConfigs.SASL_OAUTHBEARER_ASSERTION_ALGORITHM, 
ConfigDef.Type.STRING, DEFAULT_SASL_OAUTHBEARER_ASSERTION_ALGORITHM, 
CaseInsensitiveValidString.in("ES256", "RS256"), ConfigDef.Importance.MEDIUM, 
SASL_OAUTHBEARER_ASSERTION_ALGORITHM_DOC)
+                .define(SaslConfigs.SASL_OAUTHBEARER_ASSERTION_CLAIM_AUD, 
ConfigDef.Type.STRING, null, ConfigDef.Importance.MEDIUM, 
SASL_OAUTHBEARER_ASSERTION_CLAIM_AUD_DOC)
+                
.define(SaslConfigs.SASL_OAUTHBEARER_ASSERTION_CLAIM_EXP_SECONDS, 
ConfigDef.Type.INT, DEFAULT_SASL_OAUTHBEARER_ASSERTION_CLAIM_EXP_SECONDS, 
Range.between(0, 86400), ConfigDef.Importance.LOW, 
SASL_OAUTHBEARER_ASSERTION_CLAIM_EXP_SECONDS_DOC)
+                .define(SaslConfigs.SASL_OAUTHBEARER_ASSERTION_CLAIM_ISS, 
ConfigDef.Type.STRING, null, ConfigDef.Importance.MEDIUM, 
SASL_OAUTHBEARER_ASSERTION_CLAIM_ISS_DOC)
+                
.define(SaslConfigs.SASL_OAUTHBEARER_ASSERTION_CLAIM_JTI_INCLUDE, 
ConfigDef.Type.BOOLEAN, DEFAULT_SASL_OAUTHBEARER_ASSERTION_CLAIM_JTI_INCLUDE, 
ConfigDef.Importance.MEDIUM, SASL_OAUTHBEARER_ASSERTION_CLAIM_JTI_INCLUDE_DOC)
+                
.define(SaslConfigs.SASL_OAUTHBEARER_ASSERTION_CLAIM_NBF_SECONDS, 
ConfigDef.Type.INT, DEFAULT_SASL_OAUTHBEARER_ASSERTION_CLAIM_NBF_SECONDS, 
Range.between(0, 3600), ConfigDef.Importance.LOW, 
SASL_OAUTHBEARER_ASSERTION_CLAIM_NBF_SECONDS_DOC)
+                .define(SaslConfigs.SASL_OAUTHBEARER_ASSERTION_CLAIM_SUB, 
ConfigDef.Type.STRING, null, ConfigDef.Importance.MEDIUM, 
SASL_OAUTHBEARER_ASSERTION_CLAIM_SUB_DOC)
+                .define(SaslConfigs.SASL_OAUTHBEARER_ASSERTION_FILE, 
ConfigDef.Type.STRING, null, ConfigDef.Importance.MEDIUM, 
SASL_OAUTHBEARER_ASSERTION_FILE_DOC)
+                
.define(SaslConfigs.SASL_OAUTHBEARER_ASSERTION_PRIVATE_KEY_FILE, 
ConfigDef.Type.STRING, null, ConfigDef.Importance.MEDIUM, 
SASL_OAUTHBEARER_ASSERTION_PRIVATE_KEY_FILE_DOC)
+                
.define(SaslConfigs.SASL_OAUTHBEARER_ASSERTION_PRIVATE_KEY_PASSPHRASE, 
ConfigDef.Type.STRING, null, ConfigDef.Importance.MEDIUM, 
SASL_OAUTHBEARER_ASSERTION_PRIVATE_KEY_PASSPHRASE_DOC)

Review Comment:
   Can this also be of Type.PASSWORD?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] KAFKA-18573: Add support for OAuth jwt-bearer grant type [kafka]

Reply via email to