Open rao2100 opened 6 months ago
We indeed don't support the SASL extensions in our OAuth plugin. I haven't encountered a use-case before where the broker made use of these, so there was no need to support them on the client. The assumption was always that the `JaasClientOauthLoginCallbackHandler` will always talk to the Kafka cluster that uses `JaasServerOauthValidatorCallbackHandler` provided by this project, and in such a setup there is no need for SASL extensions. In your case you are connecting to the Kafka cluster that uses a different OAUTHBEARER plugin (`AuthenticateCallbackHandler` implementation), which relies on SASL extensions.
One obvious solution would be to use the default Kafka OAuth implementation on the client. But I guess that is not possible when using Strimzi Operator with KafkaConnect custom resource. In order to connect to your cluster you need to pass these extra configuration parameters as some kind of client context information separate from the access token.
Support for SASL extensions has been added. See: #231
Very nice, thank you very much @mstruk
Any idea which Strimzi operator release this will be included in?
Currently we are configuring Strimzi Kafka Connect as below. Will there be a new config introduced like the one in **?

```yaml
authentication:
  type: oauth
  clientId: kafka-connect
  clientSecret:
    key: secret
    secretName: connect-oauth-secret
  tokenEndpointUri: https://keycloak.keycloak:8443/auth/realms/master/protocol/openid-connect/token
  **extensions:
    key1: value
    key2: value**
```
Are there any plans to add support for OAuth extensions so that we can use it to connect to Confluent Cloud? Ideally we want to be able to configure the following parameters:
I see that it is already supported in Kafka security but not in Strimzi. Right now we are not able to configure it in Strimzi Kafka Connect as strimzi-kafka-oauth does not support it.
Strimzi: https://github.com/strimzi/strimzi-kafka-oauth/blob/main/oauth-client/src/main/java/io/strimzi/kafka/oauth/client/JaasClientOauthLoginCallbackHandler.java
Kafka: https://github.com/a0x8o/kafka/blob/master/clients/src/main/java/org/apache/kafka/common/security/oauthbearer/OAuthBearerLoginCallbackHandler.java#L177
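For readers following the thread, an added sketch (not code from strimzi-kafka-oauth or Apache Kafka) of how SASL extensions ride next to the access token in the OAUTHBEARER initial client response defined by RFC 7628, with the broker-side parsing checks. The function names and the sample token and extension names are constructed for illustration, and an empty authzid is assumed.

```python
import re

KVSEP = "\x01"                                  # RFC 7628 key/value separator
KEY_RE = re.compile(r"[A-Za-z]+")               # key = 1*ALPHA
VALUE_RE = re.compile(r"[\x21-\x7e \t\r\n]*")   # value = *(VCHAR / SP / HTAB / CR / LF)
TOKEN_RE = re.compile(r"[\x21-\x7e]+")          # assumption: token is printable ASCII, no spaces


def build_initial_response(token, extensions):
    """Client side: serialize the token plus extensions into the first SASL message."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token contains characters that would break framing")
    pairs = ["auth=Bearer " + token]
    for key, value in extensions.items():
        if key == "auth" or not KEY_RE.fullmatch(key):
            raise ValueError("invalid extension name: %r" % key)
        if not VALUE_RE.fullmatch(value):
            raise ValueError("invalid extension value for %r" % key)
        pairs.append(key + "=" + value)
    # gs2-header "n,," then each kvpair terminated by KVSEP, then one closing KVSEP
    return ("n,," + KVSEP + KVSEP.join(pairs) + KVSEP + KVSEP).encode("utf-8")


def parse_initial_response(message):
    """Broker side: return (token, extensions), rejecting malformed or ambiguous input."""
    text = message.decode("utf-8")
    header, sep, body = text.partition(KVSEP)
    if header != "n,," or not sep or not body.endswith(KVSEP + KVSEP):
        raise ValueError("malformed OAUTHBEARER initial response")
    token, extensions = None, {}
    for pair in body[:-2].split(KVSEP):
        key, eq, value = pair.partition("=")
        if not eq or not KEY_RE.fullmatch(key) or not VALUE_RE.fullmatch(value):
            raise ValueError("malformed key/value pair")
        if key == "auth":
            if token is not None or not value.startswith("Bearer "):
                raise ValueError("bad auth field")
            token = value[len("Bearer "):]
        elif key in extensions:
            raise ValueError("duplicate extension: " + key)
        else:
            extensions[key] = value
    if not token:
        raise ValueError("missing bearer token")
    return token, extensions
```

Extension names follow the RFC 7628 `key` rule of letters only, so a name such as `key1` is rejected by this check. The extensions travel outside the access token, so a broker should treat their values as unauthenticated client input.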