search

strimzi / strimzi-kafka-oauth

OAuth2 support for Apache Kafka® to work with many OAuth2 authorization servers
Apache License 2.0
146 stars 90 forks source link

Wrong nimbus version using kafka-oauth-client:0.8.1 #121

Closed zbendhiba closed 3 years ago

zbendhiba commented 3 years ago

Hello, If I use the kafka-oauth-client 0.8.1, I have an issue with nimbus-jose-jwt. This is the stack trace in a Quarkus app.

2021-07-02 15:34:25,931 ERROR [io.qua.run.Application] (Quarkus Main Thread) Failed to start application (with profile dev): java.lang.NoSuchMethodError: 'java.util.Map com.nimbusds.jose.Payload.toJSONObject()'
        at io.strimzi.kafka.oauth.common.NimbusPayloadTransformer.transform(NimbusPayloadTransformer.java:15)
        at io.strimzi.kafka.oauth.common.NimbusPayloadTransformer.transform(NimbusPayloadTransformer.java:11)
        at com.nimbusds.jose.Payload.toType(Payload.java:495)
        at io.strimzi.kafka.oauth.common.TokenIntrospection.introspectAccessToken(TokenIntrospection.java:31)
        at io.strimzi.kafka.oauth.common.OAuthAuthenticator.post(OAuthAuthenticator.java:141)
        at io.strimzi.kafka.oauth.common.OAuthAuthenticator.loginWithClientSecret(OAuthAuthenticator.java:72)
        at io.strimzi.kafka.oauth.client.JaasClientOauthLoginCallbackHandler.handleCallback(JaasClientOauthLoginCallbackHandler.java:161)
        at io.strimzi.kafka.oauth.client.JaasClientOauthLoginCallbackHandler.handle(JaasClientOauthLoginCallbackHandler.java:141)
        at org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule.identifyToken(OAuthBearerLoginModule.java:316)
        at org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule.login(OAuthBearerLoginModule.java:301)
        at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
        at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
        at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
        at java.base/java.security.AccessController.doPrivileged(Native Method)
        at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
        at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
        at org.apache.kafka.common.security.oauthbearer.internals.expiring.ExpiringCredentialRefreshingLogin.login(ExpiringCredentialRefreshingLogin.java:204)
        at org.apache.kafka.common.security.oauthbearer.internals.OAuthBearerRefreshingLogin.login(OAuthBearerRefreshingLogin.java:150)
        at org.apache.kafka.common.security.authenticator.LoginManager.<init>(LoginManager.java:62)
        at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:105)
        at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:158)
        at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:157)
        at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:73)
        at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:105)
        at org.apache.kafka.clients.producer.KafkaProducer.newSender(KafkaProducer.java:449)
        at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:430)
        at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:302)

When I see the dependency tree, the problem seems to be the version used. 

\- io.strimzi:kafka-oauth-client:jar:0.8.1:compile
[INFO]    \- io.strimzi:kafka-oauth-common:jar:0.8.1:compile
[INFO]       \- com.nimbusds:nimbus-jose-jwt:jar:4.41.1:compile
[INFO]          +- com.github.stephenc.jcip:jcip-annotations:jar:1.0-1:compile
[INFO]          \- net.minidev:json-smart:jar:2.3:compile
[INFO]             \- net.minidev:accessors-smart:jar:1.2:compile
[INFO]                \- org.ow2.asm:asm:jar:9.1:compile

I don't see in the code that 4.41.1 version and I just want to make sure it would be fixed to 9.10 version.

Temporarily if I add the 9.10 version in my pom.xml it works too.

zbendhiba commented 3 years ago

related to quarkus-18398

scholzj commented 3 years ago

@zbendhiba Our dependency tree seems to use 9.10:

[INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ kafka-oauth-common ---
[INFO] io.strimzi:kafka-oauth-common:jar:0.8.1
[INFO] +- com.nimbusds:nimbus-jose-jwt:jar:9.10:compile
[INFO] |  \- com.github.stephenc.jcip:jcip-annotations:jar:1.0-1:compile
[INFO] +- org.slf4j:slf4j-api:jar:1.7.26:provided
[INFO] +- com.fasterxml.jackson.core:jackson-databind:jar:2.10.5.1:compile
[INFO] |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.10.5:compile
[INFO] |  \- com.fasterxml.jackson.core:jackson-core:jar:2.10.5:compile
[INFO] +- com.jayway.jsonpath:json-path:jar:2.6.0:compile
[INFO] |  \- net.minidev:json-smart:jar:2.4.7:compile
[INFO] |     \- net.minidev:accessors-smart:jar:2.4.7:compile
[INFO] +- org.apache.kafka:kafka-clients:jar:2.8.0:provided
[INFO] |  +- com.github.luben:zstd-jni:jar:1.4.9-1:provided
[INFO] |  +- org.lz4:lz4-java:jar:1.7.1:provided
[INFO] |  \- org.xerial.snappy:snappy-java:jar:1.1.8.1:provided
[INFO] +- com.github.spotbugs:spotbugs-annotations:jar:3.1.12:provided
[INFO] |  \- com.google.code.findbugs:jsr305:jar:3.0.2:provided
[INFO] +- junit:junit:jar:4.13.1:test
[INFO] |  \- org.hamcrest:hamcrest-core:jar:1.3:test
[INFO] \- org.slf4j:slf4j-simple:jar:1.7.26:test

This also corresponds to our pom.xml file: https://github.com/strimzi/strimzi-kafka-oauth/blob/2fbbaa638768e44202b7afcadddafe0850da4d3b/pom.xml#L90

So this is probably not a Strimzi issue?

zbendhiba commented 3 years ago

yes I just tracked it. Thanks