Class EnhancedOAuthBearerValidatorCallbackHandler

java.lang.Object
  io.confluent.security.auth.provider.oauth.EnhancedOAuthBearerValidatorCallbackHandler

All Implemented Interfaces:
CallbackHandler, org.apache.kafka.common.security.auth.AuthenticateCallbackHandler

public class EnhancedOAuthBearerValidatorCallbackHandler
extends Object
implements org.apache.kafka.common.security.auth.AuthenticateCallbackHandler

A CallbackHandler that recognizes OAuthBearerValidatorCallback and OAuthBearerExtensionsValidatorCallback. It validates a secured OAuth 2 bearer token issued by Confluent or an external OIDC provider, together with the SASL extensions that specify the logical cluster the token is meant for and an identity pool ID to assume if the token is from an external OIDC provider.

It verifies the signature of the JWT using a public key that it retrieves from the KeyResolver provided by JwtAuthenticator.

This class must be explicitly set via the listener.name.<listenerName>.oauthbearer.sasl.server.callback.handler.class broker configuration property.
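
The per-listener property named above, shown in a broker configuration fragment. This is an added example, not taken from the original documentation. The listener name EXTERNAL, the bind address and the port are assumptions, and the JAAS, key-resolution and TLS keystore settings the listener also needs are not covered on this page and are left out.

```properties
# Constructed example values: listener name EXTERNAL, address and port are assumptions.
listeners=EXTERNAL://0.0.0.0:9093
listener.security.protocol.map=EXTERNAL:SASL_SSL

# Offer only OAUTHBEARER on this listener, so no other SASL mechanism can be negotiated on it.
listener.name.external.sasl.enabled.mechanisms=OAUTHBEARER

# <listenerName> in the key is the listener name in lowercase.
# The handler must be set explicitly, and it applies only to the listener named in the key.
listener.name.external.oauthbearer.sasl.server.callback.handler.class=io.confluent.security.auth.provider.oauth.EnhancedOAuthBearerValidatorCallbackHandler
```

Because the key is scoped to one listener, every listener that accepts OAUTHBEARER needs its own handler entry; a listener without one is not validated by this class.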

Field Details

CALLING_RESOURCE_IDENTITY_CLAIM_KEY

METRIC_GROUP

Constructor Details

EnhancedOAuthBearerValidatorCallbackHandler
public EnhancedOAuthBearerValidatorCallbackHandler()

Method Details

configure
public void configure(Map<String, ?> configs, String saslMechanism, List<AppConfigurationEntry> jaasConfigEntries)
Specified by:
configure in interface org.apache.kafka.common.security.auth.AuthenticateCallbackHandler

handle
Specified by:
handle in interface CallbackHandler
Throws:
UnsupportedCallbackException

close
public void close()
Specified by:
close in interface org.apache.kafka.common.security.auth.AuthenticateCallbackHandler