Open pegtrifork opened 3 months ago
You are currently only able to supply client id, client secret and token endpoint when using sasl mechanism OAUTHBEARER. However many identity providers requires you to supply a specific set of scopes to get a token with the desired claims.
A "apicurio.kafkasql.security.sasl.scope" config parameter in https://github.com/Apicurio/apicurio-registry/blob/main/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/KafkaSqlFactory.java And possibly other configurations which can be used in the LoginCallbackHandler. For reference see https://github.com/strimzi/strimzi-kafka-oauth/blob/main/oauth-client/src/main/java/io/strimzi/kafka/oauth/client/JaasClientOauthLoginCallbackHandler.java which is the default in application.properties
Any way for this to be looked at?
Feature or Problem Description
You are currently only able to supply client id, client secret and token endpoint when using sasl mechanism OAUTHBEARER. However many identity providers requires you to supply a specific set of scopes to get a token with the desired claims.
Proposed Solution
A "apicurio.kafkasql.security.sasl.scope" config parameter in https://github.com/Apicurio/apicurio-registry/blob/main/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/KafkaSqlFactory.java And possibly other configurations which can be used in the LoginCallbackHandler. For reference see https://github.com/strimzi/strimzi-kafka-oauth/blob/main/oauth-client/src/main/java/io/strimzi/kafka/oauth/client/JaasClientOauthLoginCallbackHandler.java which is the default in application.properties