Hi All,

I am setting up OAuth for my Kafka broker. I have set up an account on
Auth0 for the same and set up an application and API.

With the below config in the server.properties and JAAS config files, I keep
getting an invalid token error, although if I generate a token manually via
curl it works fine. Auth0 logs also show successful generation of the token,
but Kafka still shows the error. Any suggestions to resolve this issue would be
appreciated.

*Server.properties*
listeners=SASL_PLAINTEXT://:9093
advertised.listeners=SASL_PLAINTEXT://<XXXXXX>:9093
sasl.enabled.mechanisms=OAUTHBEARER
sasl.oauthbearer.jwks.endpoint.url=https://XXXXXXXXX/oauth/token
sasl.oauthbearer.expected.audience=https://myprovider.com
oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required;
listener.name.sasl_plaintext.oauthbearer.sasl.login.callback.handler.class=org.apache.kafka.common.security.oauthbearer.secured.OAuthBearerLoginCallbackHandler
confluent.oauth.groups.claim.name=groups
inter.broker.listener.name=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=OAUTHBEARER
super.users=User:<ClientID>
sasl.oauthbearer.token.endpoint.url=<XXXXXXXXX>/oauth/token
sasl.oauthbearer.audience=https://myprovider.com
allow.everyone.if.no.acl.found=true

*Jaas Config*
KafkaServer {
    org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required
    clientId="XXXXXXXXXXXXXXXXXX"
    clientSecret="XXXXXXXXXXXXXXXXXX"
    audience="https://myprovider.com";
    serviceName="kafka"
    scope="kafka.read kafka.write";
};

*Error*
[2025-03-19 16:05:43,465] INFO [Controller id=0, targetBrokerId=0] Failed authentication with localhost/127.0.0.1 (channelId=0) ({"status":"invalid_token"}) (org.apache.kafka.common.network.Selector)

Thanks & Regards
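
An added example, not part of the original post: a small lint over the two files above that flags settings affecting how the broker validates and protects OAUTHBEARER tokens. The sample input is constructed from the posted settings with a placeholder host (tenant.example), and the function names and finding codes are hypothetical.

```python
import re
from urllib.parse import urlparse

# Constructed samples: the posted settings, with placeholder host tenant.example.
SERVER_PROPERTIES = """\
listeners=SASL_PLAINTEXT://:9093
sasl.enabled.mechanisms=OAUTHBEARER
sasl.oauthbearer.jwks.endpoint.url=https://tenant.example/oauth/token
sasl.oauthbearer.token.endpoint.url=https://tenant.example/oauth/token
allow.everyone.if.no.acl.found=true
"""
JAAS = """\
KafkaServer {
    org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required
    clientId="XXXX"
    audience="https://myprovider.com";
    scope="kafka.read kafka.write";
};
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def lint(properties_text, jaas_text):
    """Return (code, message) findings for a server.properties / JAAS pair."""
    p, out = parse_properties(properties_text), []
    jwks = p.get("sasl.oauthbearer.jwks.endpoint.url", "")
    token = p.get("sasl.oauthbearer.token.endpoint.url", "")
    if jwks and (jwks == token or urlparse(jwks).path.endswith("/token")):
        out.append(("JWKS_IS_TOKEN_URL", "jwks.endpoint.url must serve the "
                    "provider's signing key set, not the token endpoint"))
    if "SASL_PLAINTEXT" in p.get("listeners", "") \
            and "OAUTHBEARER" in p.get("sasl.enabled.mechanisms", ""):
        out.append(("TOKEN_IN_CLEARTEXT", "bearer tokens cross the wire "
                    "unencrypted; use a SASL_SSL listener"))
    if p.get("allow.everyone.if.no.acl.found", "").lower() == "true":
        out.append(("PERMISSIVE_ACL", "with an authorizer enabled, resources "
                    "lacking ACLs are open to any user"))
    # A JAAS login-module entry ends at its first ';' outside quotes, so more
    # than one ';' inside the braces leaves later options outside the module.
    for name, body in re.findall(r"(\w+)\s*\{(.*?)\}\s*;", jaas_text, re.S):
        unquoted = re.sub(r'"[^"]*"', '""', body)
        if unquoted.count(";") > 1:
            out.append(("JAAS_EARLY_SEMICOLON", f"{name}: options follow a ';'"))
    return out

FINDINGS = lint(SERVER_PROPERTIES, JAAS)
```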
