public class EnhancedOAuthBearerValidatorCallbackHandler extends Object implements org.apache.kafka.common.security.auth.AuthenticateCallbackHandler
A CallbackHandler that recognizes OAuthBearerValidatorCallback and OAuthBearerExtensionsValidatorCallback. It validates a secured OAuth 2 bearer token issued by Confluent or an external OIDC provider, together with the SASL extensions that specify the logical cluster the token is meant for and the identity pool ID to assume if the token is from an external OIDC provider.
It verifies the signature of the JWT token using a public key that it retrieves from the KeyResolver provided by JwtAuthenticator.
This class must be explicitly set via the
listener.name.<listenerName>.oauthbearer.sasl.server.callback.handler.class
broker configuration property.

| Modifier and Type | Field and Description |
|---|---|
| static String | CALLING_RESOURCE_IDENTITY_CLAIM_KEY |

| Constructor and Description |
|---|
| EnhancedOAuthBearerValidatorCallbackHandler() |

| Modifier and Type | Method and Description |
|---|---|
| void | close() |
| void | configure(Map<String,?> configs, String saslMechanism, List<AppConfigurationEntry> jaasConfigEntries) |
| void | handle(Callback[] callbacks) |

public static final String CALLING_RESOURCE_IDENTITY_CLAIM_KEY

public EnhancedOAuthBearerValidatorCallbackHandler()

public void configure(Map<String,?> configs, String saslMechanism, List<AppConfigurationEntry> jaasConfigEntries)
Specified by: configure in interface org.apache.kafka.common.security.auth.AuthenticateCallbackHandler

public void handle(Callback[] callbacks) throws UnsupportedCallbackException
Specified by: handle in interface CallbackHandler
Throws: UnsupportedCallbackException

public void close()
Specified by: close in interface org.apache.kafka.common.security.auth.AuthenticateCallbackHandler