confluentinc / confluent-kafka-dotnet

Confluent's Apache Kafka .NET client
https://github.com/confluentinc/confluent-kafka-dotnet/wiki
Apache License 2.0

Missing config in OAuthOIDC example #2025

Open pascalenz opened 1 year ago

pascalenz commented 1 year ago

I tried to use OAuth with Azure AD based on this example: https://github.com/confluentinc/confluent-kafka-dotnet/blob/master/examples/OAuthOIDC/Program.cs

However, when I run that sample code with my own setting values, I receive this error: SASL authentication error: Authentication failed: 1 extensions are invalid! They are: logicalCluster: CLUSTER_ID_MISSING_OR_EMPTY

The Confluent Cloud documentation mentions two additional extension configurations, extension_logicalCluster and extension_identityPoolId. https://docs.confluent.io/cloud/current/access-management/authenticate/oauth/configure-clients-oauth.html

When I add these two settings to the configuration, it works fine.

var config = new ConsumerConfig
{
    // ... other settings ...
    SaslOauthbearerExtensions = "logicalCluster=lkc-abc12,identityPoolId=pool-xyz0"
};

So, it looks like this needs to be added to the sample code, unless there is a way to avoid the need for these additional settings.

penicaudm commented 1 year ago

I'd like to bring attention to this issue as it is the first Google result we had for this error.

Anyone struggling with their config, this is what worked for us:

var config = new ClientConfig
{
    BootstrapServers = "hostname:port",
    SecurityProtocol = SecurityProtocol.SaslSsl,
    SaslMechanism = SaslMechanism.OAuthBearer,
    SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
    SaslOauthbearerClientId = "ClientID",
    SaslOauthbearerClientSecret = "clientSecret",
    SaslOauthbearerTokenEndpointUrl = "https://login.microsoftonline.com/REDACTED/oauth2/v2.0/token",
    SaslOauthbearerScope = "api://REDACTED/.default",
    SaslOauthbearerExtensions = "logicalCluster=lkc-01234,identityPoolId=pool-abcde"
};
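
The following is an added example, not code from this thread or from the confluent-kafka-dotnet project. It checks the extensions string for the two keys discussed above before any connection is attempted, and reads the client secret from the environment instead of a string literal. It assumes the Confluent.Kafka NuGet package; the class name `OidcConfigCheck` and the environment variable names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Confluent.Kafka;

static class OidcConfigCheck
{
    // Extension keys named in this thread as required by Confluent Cloud.
    static readonly string[] RequiredExtensions = { "logicalCluster", "identityPoolId" };

    // Parse "k1=v1,k2=v2"; reject malformed, duplicate or missing entries.
    public static IReadOnlyDictionary<string, string> ParseExtensions(string raw)
    {
        var result = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (var pair in (raw ?? "").Split(',', StringSplitOptions.RemoveEmptyEntries))
        {
            var idx = pair.IndexOf('=');
            var key = idx > 0 ? pair[..idx].Trim() : "";
            var value = idx > 0 ? pair[(idx + 1)..].Trim() : "";
            if (key.Length == 0 || value.Length == 0)
                throw new ArgumentException($"Malformed extension entry: '{pair}'");
            if (!result.TryAdd(key, value))
                throw new ArgumentException($"Duplicate extension key: '{key}'");
        }
        var missing = RequiredExtensions.Where(k => !result.ContainsKey(k)).ToArray();
        if (missing.Length > 0)
            throw new ArgumentException("Missing extension(s): " + string.Join(", ", missing));
        return result;
    }

    // Environment variable names used below are placeholders for this example.
    static string Env(string name) => Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Environment variable {name} is not set");

    public static ClientConfig Build(string extensions)
    {
        ParseExtensions(extensions); // throws here rather than at SASL handshake time
        return new ClientConfig
        {
            BootstrapServers = Env("KAFKA_BOOTSTRAP"),
            SecurityProtocol = SecurityProtocol.SaslSsl,
            SaslMechanism = SaslMechanism.OAuthBearer,
            SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
            SaslOauthbearerClientId = Env("KAFKA_OAUTH_CLIENT_ID"),
            SaslOauthbearerClientSecret = Env("KAFKA_OAUTH_CLIENT_SECRET"),
            SaslOauthbearerTokenEndpointUrl = Env("KAFKA_OAUTH_TOKEN_URL"),
            SaslOauthbearerScope = Env("KAFKA_OAUTH_SCOPE"),
            SaslOauthbearerExtensions = extensions
        };
    }
}
```

The returned `ClientConfig` can be passed to `new ConsumerConfig(...)` or `new ProducerConfig(...)`; a missing `logicalCluster` then surfaces as a local `ArgumentException` instead of the broker-side `CLUSTER_ID_MISSING_OR_EMPTY` error.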