Allows clients to authenticate to the authorization server by using a client assertion, as specified by RFC 7523 (https://www.rfc-editor.org/rfc/rfc7523) and RFC 7521 (https://www.rfc-editor.org/rfc/rfc7521).
The assertion can be provided by an external mechanism and made available as a file on the file system, or it can be set explicitly through OAuth configuration before running the Kafka client.
Introduced the following new configuration options:
- `oauth.client.assertion`
- `oauth.client.assertion.location`
- `oauth.client.assertion.type`

Added support for clients to read access token and refresh token from a file when authenticating
Introduced the following new configuration options:
- `oauth.refresh.token.location`
- `oauth.access.token.location`

Added support for bearer token authentication when connecting to protected authorization server endpoints
This is used by the broker when connecting to the JWKS and introspection endpoints. It was added to support talking to the Kubernetes API server's JWKS endpoint.
Introduced the following new configuration options:
- `oauth.server.bearer.token`
- `oauth.server.bearer.token.location`

The authentication configuration rules for configuring the introspection endpoint have been relaxed.
The introspection endpoint can now be unprotected (no authentication configured on the listener), or it can be protected with `oauth.client.id` and `oauth.client.secret` to send a Basic `Authorization` header, or with `oauth.server.bearer.token` or `oauth.server.bearer.token.location` to send a Bearer `Authorization` header.
The JWKS endpoint can now also be protected in the same way.

Fixed NullPointerException that occurred when OAuthKafkaPrincipalBuilder was used with Kerberos authentication

Fixed a user id extraction bug where `oauth.fallback.username.prefix` was ignored, and added `oauth.username.prefix`
A bug was introduced in 0.13.0 that resulted in `oauth.fallback.username.prefix` being ignored. That should now be fixed.
A new configuration option was added: `oauth.username.prefix`.
This allows for the consistent mapping of user ids into the same namespace and may be needed to prevent name collisions.

Added support for SASL extension parameters
Added support for passing SASL extensions via OAuth configuration options, by using the prefix `oauth.sasl.extension.`
If the Kafka broker uses some other custom OAUTHBEARER implementation, it may require SASL extension options to be sent by the Kafka client.
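
The release notes above let a client assertion be delivered as a file (`oauth.client.assertion.location`). The following is an added example, not part of the release notes or the Strimzi code base: a pre-flight check an operator could run on such a file before starting the Kafka client. The function names (`check_assertion_file`, `make_sample_jwt`) are hypothetical, the sample tokens are constructed, and the required-claim list follows RFC 7523 section 3.

```python
import base64
import json
import os
import stat
import time

# Claims RFC 7523 section 3 requires in a JWT used as an assertion.
REQUIRED_CLAIMS = ("iss", "sub", "aud", "exp")


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_sample_jwt(claims, alg="RS256"):
    """Build a CONSTRUCTED demo token; the signature segment is a fake."""
    header = json.dumps({"alg": alg, "typ": "JWT"}).encode()
    payload = json.dumps(claims).encode()
    return ".".join(_b64url(p) for p in (header, payload, b"not-a-real-signature"))


def _decode_segment(segment):
    """Decode one base64url JWT segment into a JSON object (dict)."""
    padded = segment + "=" * (-len(segment) % 4)
    value = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(value, dict):
        raise ValueError("segment is not a JSON object")
    return value


def check_assertion_file(path, now=None, min_ttl=30):
    """Return a list of findings for the JWT stored at `path` ([] means OK).

    The signature is not verified: that is the authorization server's job.
    """
    now = time.time() if now is None else now
    findings = []

    # The file holds a credential, so only its owner should be able to read it.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file mode %03o grants group/other access" % mode)

    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        parts = fh.read().strip().split(".")
    if len(parts) != 3 or not all(parts):
        return findings + ["not a compact JWT (expected 3 non-empty segments)"]
    try:
        header, claims = _decode_segment(parts[0]), _decode_segment(parts[1])
    except ValueError:
        return findings + ["header or payload is not base64url-encoded JSON"]

    if str(header.get("alg", "none")).lower() == "none":
        findings.append("alg is 'none': assertion is unsigned")
    for name in REQUIRED_CLAIMS:
        if name not in claims:
            findings.append("missing required claim: " + name)

    exp = claims.get("exp")
    if exp is not None:
        if isinstance(exp, bool) or not isinstance(exp, (int, float)):
            findings.append("exp is not a NumericDate")
        elif exp - now < min_ttl:
            findings.append("expired or expires within %d s" % min_ttl)
    return findings
```

An assertion written by an external mechanism can go stale between rotations, so the expiry check is worth repeating whenever the client is restarted.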
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps `strimzi-oauth.version` from 0.14.0 to 0.15.0.

Updates `io.strimzi:kafka-oauth-server` from 0.14.0 to 0.15.0
Release notes
Sourced from io.strimzi:kafka-oauth-server's releases.
... (truncated)
Changelog
Sourced from io.strimzi:kafka-oauth-server's changelog.
... (truncated)
Commits
- `58525f6` Prepare for 0.15.0 release
- `49d6c29` Update RELEASE_NOTES.md
- `229daee` Add client support for SASL extensions (#231)
- `10d3c0e` Username extraction bug fixes and additions (#230)
- `023d03f` Update Spring Authorization Server example with latest libraries (#229)
- `2e0f6b3` Enable s390x testsuite run (#225)
- `e108c65` Prepare Azure CI pipeline for OAuth (#224)
- `80cca5d` Update Keycloak used in testsuite and examples to latest (23.0.5) (#221)
- `ff37387` Bump dependencies + update container versions + update README.md (#220)
- `65679d4` Fix nullpointer that occurs when OAuthKafkaPrincipalBuilder is used with Kerb...

Updates `io.strimzi:kafka-oauth-common` from 0.14.0 to 0.15.0
Release notes
Sourced from io.strimzi:kafka-oauth-common's releases.
... (truncated)
Changelog
Sourced from io.strimzi:kafka-oauth-common's changelog.
... (truncated)
Commits
- `58525f6` Prepare for 0.15.0 release
- `49d6c29` Update RELEASE_NOTES.md
- `229daee` Add client support for SASL extensions (#231)
- `10d3c0e` Username extraction bug fixes and additions (#230)
- `023d03f` Update Spring Authorization Server example with latest libraries (#229)
- `2e0f6b3` Enable s390x testsuite run (#225)
- `e108c65` Prepare Azure CI pipeline for OAuth (#224)
- `80cca5d` Update Keycloak used in testsuite and examples to latest (23.0.5) (#221)
- `ff37387` Bump dependencies + update container versions + update README.md (#220)
- `65679d4` Fix nullpointer that occurs when OAuthKafkaPrincipalBuilder is used with Kerb...

Updates `io.strimzi:kafka-oauth-client` from 0.14.0 to 0.15.0
Release notes
Sourced from io.strimzi:kafka-oauth-client's releases.
... (truncated)
Changelog
Sourced from io.strimzi:kafka-oauth-client's changelog.
... (truncated)
Commits
- `58525f6` Prepare for 0.15.0 release
- `49d6c29` Update RELEASE_NOTES.md
- `229daee` Add client support for SASL extensions (#231)
- `10d3c0e` Username extraction bug fixes and additions (#230)
- `023d03f` Update Spring Authorization Server example with latest libraries (#229)
- `2e0f6b3` Enable s390x testsuite run (#225)
- `e108c65` Prepare Azure CI pipeline for OAuth (#224)
- `80cca5d` Update Keycloak used in testsuite and examples to latest (23.0.5) (#221)
- `ff37387` Bump dependencies + update container versions + update README.md (#220)
- `65679d4` Fix nullpointer that occurs when OAuthKafkaPrincipalBuilder is used with Kerb...

Updates `io.strimzi:kafka-oauth-server-plain` from 0.14.0 to 0.15.0
Release notes
Sourced from io.strimzi:kafka-oauth-server-plain's releases.
... (truncated)
Changelog
Sourced from io.strimzi:kafka-oauth-server-plain's changelog.
... (truncated)
Commits
- `58525f6` Prepare for 0.15.0 release
- `49d6c29` Update RELEASE_NOTES.md
- `229daee` Add client support for SASL extensions (#231)
- `10d3c0e` Username extraction bug fixes and additions (#230)
- `023d03f` Update Spring Authorization Server example with latest libraries (#229)
- `2e0f6b3` Enable s390x testsuite run (#225)
- `e108c65` Prepare Azure CI pipeline for OAuth (#224)
- `80cca5d` Update Keycloak used in testsuite and examples to latest (23.0.5) (#221)
- `ff37387` Bump dependencies + update container versions + update README.md (#220)
- `65679d4` Fix nullpointer that occurs when OAuthKafkaPrincipalBuilder is used with Kerb...

Updates `io.strimzi:kafka-oauth-keycloak-authorizer` from 0.14.0 to 0.15.0
Release notes
Sourced from io.strimzi:kafka-oauth-keycloak-authorizer's releases.
... (truncated)
Changelog
Sourced from io.strimzi:kafka-oauth-keycloak-authorizer's changelog.
... (truncated)
Commits
- `58525f6` Prepare for 0.15.0 release
- `49d6c29` Update RELEASE_NOTES.md
- `229daee` Add client support for SASL extensions (#231)
- `10d3c0e` Username extraction bug fixes and additions (#230)
- `023d03f` Update Spring Authorization Server example with latest libraries (#229)
- `2e0f6b3` Enable s390x testsuite run (#225)
- `e108c65` Prepare Azure CI pipeline for OAuth (#224)
- `80cca5d` Update Keycloak used in testsuite and examples to latest (23.0.5) (#221)
- `ff37387` Bump dependencies + update container versions + update README.md (#220)
- `65679d4` Fix nullpointer that occurs when OAuthKafkaPrincipalBuilder is used with Kerb...