Open luisedcastillo opened 4 years ago
@serkantkaraca
Confluent Kafka .Net client doesn't support OauthBearer yet. See active issue tracking here https://github.com/confluentinc/confluent-kafka-dotnet/issues/871
confluent-kafka-dotnet now supports OAuth - they don't have samples yet, but they recommend checking out their integration tests. We will add samples to this repository soon.
@arerlend : Is there any update on samples for .net core
@arerlend : Do we have the sample for .net desktop app to connect to kafka using OAuth
@kamleshsingh4u Confluent C# library recently provided an API for OAuthBearer auth. I am planning to add a sample soon.
confluent-kafka-dotnet now supports OAuth - they don't have samples yet, but they recommend checking out their integration tests. We will add samples to this repository soon.
@arerlend Could you please provide the dotnet sample for OAuthBearer
@arerlend @serkantkaraca : Is there any update on samples for OAuthBearer in .net ? @luisedcastillo : Did you manage to resolve this?
Maybe this helps as a starting point:
var consumerConfig = new ConsumerConfig
{
SaslMechanism = SaslMechanism.OAuthBearer,
SaslOauthbearerConfig = "https://my-eventhub-namespace.servicebus.windows.net/.default"
};
using var kafkaConsumer = new ConsumerBuilder<byte[], byte[]>(consumerConfig)
.SetOAuthBearerTokenRefreshHandler(TokenRefreshHandler)
.Build();
[...]
private void TokenRefreshHandler(IConsumer<byte[], byte[]> consumer, string config)
{
var credentials = new DefaultAzureCredential();
var request = new TokenRequestContext(new[] { config });
try
{
var token = credentials.GetToken(request);
consumer.OAuthBearerSetToken(token.Token, token.ExpiresOn.ToUnixTimeMilliseconds(), "NoName");
}
catch (Exception e)
{
consumer.OAuthBearerSetTokenFailure(e.Message);
}
}
Here's a successful implementation of SASL/OAUTH OauthTokenRefreshCallback in dotnet
https://github.com/sookeke/jps-pidp/blob/dev-merge/backend/webapi/Kafka/Consumer/KafkaConsumer.cs
@PSanetra maybe this is a dumb question, but what should be a principal
, that is passed to OAuthBearerSetToken
?
Just "NoName"
?
@inikulshin good question. I have tried to find documentation about that parameter and looked into the librdkafka source code. As far as I see this name is just used for logging purposes and maybe as an identifier for the token, but has no further impact on the authorization or authentication mechanism.
Description
Please, is there a way to have a .net core 3.1 guidelines? Now we want to implement Manage Identity using event hubs, but we are not able to follow your explanation because we cannot create authenticate callback.
How to reproduce
Has it worked previously?
<Is this a first attempt at getting the sample application to run, or has it worked in the past?>
Checklist
IMPORTANT: We will close issues where the checklist has not been completed or where adequate information has not been provided.
Please provide the relevant information for the following items:
<REPLACE with e.g., Java quickstart>
<REPLACE with e.g., 1.1.0>
<REPLACE with e.g., auto.reset.offset=earliest, ..>
(do not include your connection string or SAS Key)<REPLACE with e.g., Consumer failure>
<REPLACE with e.g., Nov 7 2018 - 17:15:01 UTC>
<REPLACE with e.g., group.id=cg-name>
<REPLACE with e.g., Willing/able to send scenario to repro issue>
<REPLACE with e.g., Ubuntu 16.04.5 (x64) LTS>
If this is a question on basic functionality, please verify the following:
$ ping namespace.servicebus.windows.net
returns ~ns-eh2-prod-am3-516.cloudapp.net [13.69.64.0]
)