How to implement OAUTHBEARER SASL authentication mechanism in kafka?

1
votes

Can anyone explain how the client or inter broker communication happens with OAUTHBEARER authentication mechanism in kafka?

1
securityauthenticationapache-kafkaoauth-2.0
I guess you already have read this: docs.confluent.io/current/kafka/authentication_sasl/…? Jair's answer below is correct. Which part is unclear? - user152468

1 Answers

9
votes

You will need to implement two classes that uses an interface called AuthenticateCallbackHandler.

The first class implements the Login flow, where you need to call your OAuth server to retrieve a token. This class will be used by your clients or for interbroker connection.

The second class implements the Validation flow, where you will call your OAuth server to check if the send token is valid. This class will be used only at Kafka Broker.

I have an example of this implementation at github.com/jairsjunior/kafka-oauth

If you want to see how to setup a Kafka broker using this SASL mechanism, there is an article with all steps. https://medium.com/@jairsjunior/how-to-setup-oauth2-mechanism-to-a-kafka-broker-e42e72839fe