A CallbackHandler for the OAuthLoginModule.
There are three cases which must be covered with token-based authentication:
1. Kafka client-side User/Password credential authentication
2. Kafka client-side Token credential authentication
3. Kafka client impersonation.
All three circumstances can be handled through the use of two callback handlers:
TokenUserBearerLoginCallbackHandler for User/Password credential authentication.
TokenBearerLoginCallbackHandler for Token credential authentication.
Any application with a valid Authentication Token may impersonate another user, making TokenBearerLoginCallbackHandler suitable for scenario 3 as well.
This class handles the user/password credential approach and can be configured as follows:
    org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule Required
        username="user"
        password="password"
        metadataServerUrls="https://mds:8080";
This class should be explicitly set via the sasl.login.callback.handler.class configuration property.
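A pre-deployment check for the JAAS entry shown above, as an added example that is not part of the original documentation or the project's code. It assumes that the three options in the sample entry are all mandatory, that metadataServerUrls may hold a comma-separated list, and that the password is presented to those URLs, so a non-https URL is flagged; the function name and sample entries are hypothetical.

```python
import re
from urllib.parse import urlparse

# Assumption: these are the options the handler needs; the page shows them
# in its sample entry but does not state which are mandatory.
EXPECTED_OPTIONS = ("username", "password", "metadataServerUrls")
LOGIN_MODULE = "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule"

def lint_jaas_entry(entry):
    """Return a list of findings for one JAAS login-module entry."""
    findings = []
    text = entry.strip()
    # Kafka's JAAS parser rejects an entry that does not end with ';'.
    if not text.endswith(";"):
        findings.append("entry is not terminated by ';'")
    text = text.rstrip(";").strip()
    head = text.split(None, 2)
    if len(head) < 2:
        return findings + ["entry needs a login module and a control flag"]
    module, flag = head[0], head[1]
    if module != LOGIN_MODULE:
        findings.append("unexpected login module: " + module)
    if flag.lower() != "required":
        findings.append("control flag is not 'required': " + flag)
    body = head[2] if len(head) > 2 else ""
    options = dict(re.findall(r'(\w+)\s*=\s*"([^"]*)"', body))
    for name in EXPECTED_OPTIONS:
        if not options.get(name):
            findings.append("missing or empty option: " + name)
    # Assumption: several metadata server URLs are comma-separated.
    for url in filter(None, options.get("metadataServerUrls", "").split(",")):
        parsed = urlparse(url.strip())
        if parsed.scheme != "https" or not parsed.hostname:
            findings.append("metadata server URL is not https: " + url.strip())
    return findings

# Constructed sample entries (not taken from a real deployment).
GOOD = ('org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule Required '
        'username="user" password="password" metadataServerUrls="https://mds:8080";')
BAD = ('org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule Required '
       'username="user" metadataServerUrls="http://mds:8080,https://mds2:8080"')

if __name__ == "__main__":
    for label, entry in (("good", GOOD), ("bad", BAD)):
        print(label, lint_jaas_entry(entry) or "ok")
```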