Constant Field Values

io.confluent.*

io.confluent.kafka.client.plugins.ssl.ConfluentTrustProvider

Modifier and Type	Constant Field	Value
public static final String	PROVIDER_NAME	"ConfluentTrustProvider"
public static final String	TRUST_PROVIDER_CONFIG	"ConfluentTrustProvider.config"

io.confluent.kafka.clients.plugins.auth.http.FileBasedDynamicBasicAuthCredentialProvider

Modifier and Type	Constant Field	Value
public static final String	DYNAMIC_FILE	"DYNAMIC_FILE"

io.confluent.kafka.clients.plugins.auth.jwt.AsyncHttpsJwks

Modifier and Type	Constant Field	Value
public static final long	DEFAULT_REFRESH_INTERVAL_MS	3600000L

io.confluent.kafka.clients.plugins.auth.jwt.JwtAuthenticator

Modifier and Type	Constant Field	Value
public static final String	CONFLUENT_ISSUER	"Confluent"
public static final String	IAT_CLAIM_REQUIRED	"iatRequired"
public static final String	JTI_CLAIM_REQUIRED	"jtiRequired"

io.confluent.kafka.clients.plugins.auth.jwt.JwtAuthenticatorConfig

Modifier and Type	Constant Field	Value
public static final String	ALLOW_UNSAFE_KEY_RESOLVER_URL_CONFIG	"allowUnsafeURL"
public static final String	AUDIENCE_CONFIG	"audience"
public static final String	AUDIENCE_REQUIRED_CONFIG	"audienceRequired"
public static final String	CONFIG_PREFIX	"authenticator.jwt."
public static final String	HTTPS_JWKS	"https"
public static final String	ISSUER_CONFIG	"issuer"
public static final String	JKU_JWKS	"jku"
public static final String	JKU_KEY_RESOLVER_WHITELIST_CONFIG	"jkuDomainWhiteList"
public static final String	JWKS_LOCATION_CONFIG	"jwksLocation"
public static final String	JWKS_PEMFILE	"pemfile"
public static final String	KEY_RESOLVER_CONFIG	"verificationKeyResolver"
public static final String	VERIFICATION_KEY_REFRESH_INTERVAL_MS_CONFIG	"verificationKeyRefreshInterval"

io.confluent.kafka.clients.plugins.auth.oauth.SpireJwtLoginCallbackHandler

Modifier and Type	Constant Field	Value
public static final String	SASL_OAUTHBEARER_TOKEN_SPIRE_AGENT_ENDPOINT	"sasl.oauthbearer.token.spire.agent.endpoint"

io.confluent.kafka.clients.plugins.auth.oauth.internals.SpireJwtTokenLoginValidator

Modifier and Type	Constant Field	Value
public static final String	EXPIRATION_CLAIM_NAME	"exp"
public static final String	ISSUED_AT_CLAIM_NAME	"iat"
public static final String	SUBJECT_CLAIM_NAME	"sub"

io.confluent.kafka.common.multitenant.oauth.OauthMayActClaim

Modifier and Type	Constant Field	Value
public static final String	OAUTH_PRINCIPALS	"principals"

io.confluent.kafka.security.config.provider.DecryptionEngine

Modifier and Type	Constant Field	Value
public static final int	GCM_TAG_LENGTH	128

io.confluent.kafka.security.config.provider.SecurePassConfigProvider

Modifier and Type	Constant Field	Value
public static final String	DATA_ENCRYPTION_KEY	"_metadata.symmetric_key.0.enc"
public static final String	MASTER_KEY_ENV_VAR	"_metadata.symmetric_key.0.envvar"
public static final String	METADATA_KEY_LENGTH	"_metadata.symmetric_key.0.length"
public static final String	METADATA_PREFIX	"_metadata"

io.confluent.kafka.security.fips.config.FipsSecurityConfig

Modifier and Type	Constant Field	Value
public static final String	ENABLE_FIPS_CONFIG	"enable.fips"
public static final String	ENABLE_FIPS_CONFIG_DOC	"Enable fips mode"

io.confluent.security.auth.client.RestClientConfig

Modifier and Type	Constant Field	Value
public static final String	BASIC_AUTH_CREDENTIALS_PATH_PROP	"confluent.metadata.basic.auth.credentials.path"
public static final String	BASIC_AUTH_CREDENTIALS_PROVIDER_PROP	"confluent.metadata.basic.auth.credentials.provider"
public static final String	BASIC_AUTH_USER_INFO_PROP	"confluent.metadata.basic.auth.user.info"
public static final String	BOOTSTRAP_METADATA_SERVER_URLS_PROP	"confluent.metadata.bootstrap.server.urls"
public static final String	CONFIG_PREFIX	"confluent.metadata."
public static final long	DEFAULT_OAUTH_LOGIN_RETRY_BACKOFF_MAX_MS	10000L
public static final long	DEFAULT_OAUTH_LOGIN_RETRY_BACKOFF_MS	100L
public static final String	ENABLE_METADATA_SERVER_URL_REFRESH	"confluent.metadata.enable.server.urls.refresh"
public static final String	ENABLE_METADATA_SERVER_URL_REFRESH_DOC	"enables periodic refresh of metadata server urls."
public static final String	HTTP_AUTH_CREDENTIALS_PROVIDER_PROP	"confluent.metadata.http.auth.credentials.provider"
public static final String	HTTP_REQUEST_TIMEOUT_MS_CONFIG	"confluent.metadata.http.request.timeout.ms"
public static final String	HTTP_REQUEST_TIMEOUT_MS_DOC	"The configuration controls the maximum amount of time the client will wait for the response of a http request. If the response is not received before the timeout elapses the client will resend the request if necessary or fail the request if all urls are exhausted. This value should less than or equal to confluent.metadata.request.timeout.ms config"
public static final String	METADATA_SERVER_URL_FAIL_ON_401_DOC	"When set to true, the client will fail immediately on receipt of 401 when trying to refresh metadata server urls. This might be useful if repeated 401 cause issues in the backing LDAP server."
public static final String	METADATA_SERVER_URL_FAIL_ON_401_PROP	"confluent.metadata.server.urls.fail.on.401"
public static final String	METADATA_SERVER_URL_MAX_AGE_DOC	"The period of time in milliseconds after which we force a refresh of metadata server urls."
public static final String	METADATA_SERVER_URL_MAX_AGE_PROP	"confluent.metadata.server.urls.max.age.ms"
public static final String	METADATA_SERVER_URL_MAX_RETRIES_DOC	"The number of retries to force a refresh of metadata server urls."
public static final String	METADATA_SERVER_URL_MAX_RETRIES_PROP	"confluent.metadata.server.urls.max.retries"
public static final String	OAUTH_CLIENTASSERTION_AUDIENCE	"confluent.metadata.oauthbearer.assertion.claim.aud"
public static final String	OAUTH_CLIENTASSERTION_AUDIENCE_DOC	"The value to be added to the Audience claim \"aud\" which will be included in the client assertion created locally"
public static final String	OAUTH_CLIENTASSERTION_EXPIRATION	"confluent.metadata.oauthbearer.assertion.claim.exp.minutes"
public static final String	OAUTH_CLIENTASSERTION_EXPIRATION_DOC	"The (Optional) expiration time for the client assertion in minutesThe default value is 5 minutes"
public static final String	OAUTH_CLIENTASSERTION_HEADER_VALUES_PATH	"confluent.metadata.oauthbearer.assertion.template.file"
public static final String	OAUTH_CLIENTASSERTION_HEADER_VALUES_PATH_DOC	"The location for the JSON file which contains additional header and payload claims to be included in the client assertion"
public static final String	OAUTH_CLIENTASSERTION_INCLUDE_JTI_CLAIM	"confluent.metadata.oauthbearer.assertion.claim.jti.include"
public static final String	OAUTH_CLIENTASSERTION_INCLUDE_JTI_CLAIM_DOC	"The (optional) setting for specifying whether to include jti claim or not"
public static final String	OAUTH_CLIENTASSERTION_INCLUDE_NBF_CLAIM	"confluent.metadata.oauthbearer.assertion.claim.nbf.include"
public static final String	OAUTH_CLIENTASSERTION_INCLUDE_NBF_CLAIM_DOC	"The (optional) setting for specifying whether to include nbf claim or notIf set to true, nbf claim with (current time - 1 minute) will be included in the client assertion"
public static final String	OAUTH_CLIENTASSERTION_ISSUER	"confluent.metadata.oauthbearer.assertion.claim.iss"
public static final String	OAUTH_CLIENTASSERTION_ISSUER_DOC	"The value to be added to the Issuer claim \"iss\" which will be included in the client assertion created locally"
public static final String	OAUTH_CLIENTASSERTION_LOCATION	"confluent.metadata.oauthbearer.assertion.file"
public static final String	OAUTH_CLIENTASSERTION_LOCATION_DOC	"The location/path on disc at which a signed client assertion is presentThis will be passed directly to the token endpoint."
public static final String	OAUTH_CLIENTASSERTION_PRIVATE_KEY	"confluent.metadata.oauthbearer.assertion.private.key.file"
public static final String	OAUTH_CLIENTASSERTION_PRIVATE_KEY_DOC	"The location for the private key to be used for signing client assertion in PEM formatRequired for local client assertion creation"
public static final String	OAUTH_CLIENTASSERTION_PRIVATE_KEY_PASSPHRASE	"confluent.metadata.oauthbearer.assertion.private.key.passphrase"
public static final String	OAUTH_CLIENTASSERTION_PRIVATE_KEY_PASSPHRASE_DOC	"The passphrase required for decrypting the private key (in case of PKCS#8 format pem file) "
public static final String	OAUTH_CLIENTASSERTION_SUBJECT	"confluent.metadata.oauthbearer.assertion.claim.sub"
public static final String	OAUTH_CLIENTASSERTION_SUBJECT_DOC	"The value to be added to the Subject claim \"sub\" which will be included in the client assertion created locally"
public static final String	OAUTH_CONFIG_PREFIX	"confluent.metadata.oauthbearer."
public static final String	OAUTH_HEADER_URLENCODE	"confluent.metadata.oauthbearer.header.urlencode"
public static final String	OAUTH_HEADER_URLENCODE_MS_DOC	"The (optional) setting to enable the OAuth client to URL-encode the client_id and client_secret in the authorization header in accordance with RFC6749, see <a href=\"https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1\">here</a> for more details. The default value is set to \'false\' for backward compatibility"
public static final String	OAUTH_LOGIN_CLIENT_ID	"confluent.metadata.oauthbearer.login.client.id"
public static final String	OAUTH_LOGIN_CLIENT_ID_MS_DOC	"The OAuth/OIDC identity provider-issued client ID to uniquely identify the service account to use for authentication for this client. The value must be paired with a corresponding confluent.metadata.oauthbearer.login.client.secret value and is provided to the OAuth provider using the OAuth clientcredentials grant type."
public static final String	OAUTH_LOGIN_CLIENT_SCOPE	"confluent.metadata.oauthbearer.login.oauth.scope"
public static final String	OAUTH_LOGIN_CLIENT_SCOPE_MS_DOC	"The (optional) HTTP/HTTPS login request to the token endpoint (confluent.metadata.oauthbearer.token.endpoint.url) may need to specify an OAuth \"scope\". If so, the confluent.metadata.oauthbearer.login.oauth.scope is used to provide the value to include with the login request."
public static final String	OAUTH_LOGIN_CLIENT_SECRET	"confluent.metadata.oauthbearer.login.client.secret"
public static final String	OAUTH_LOGIN_CLIENT_SECRET_MS_DOC	"The OAuth/OIDC identity provider-issued client secret serves a similar function as a password to the confluent.metadata.oauthbearer.login.client.id account and identifies the service account to use for authentication for this client. The value must be paired with a corresponding confluent.metadata.oauthbearer.login.client.id value and is provided to the OAuth provider using the OAuth clientcredentials grant type."
public static final String	OAUTH_LOGIN_CONNECT_TIMEOUT_MS	"confluent.metadata.oauthbearer.login.connect.timeout.ms"
public static final String	OAUTH_LOGIN_CONNECT_TIMEOUT_MS_DOC	"The (optional) value in milliseconds for the external authentication provider connection timeout."
public static final String	OAUTH_LOGIN_READ_TIMEOUT_MS	"confluent.metadata.oauthbearer.login.read.timeout.ms"
public static final String	OAUTH_LOGIN_READ_TIMEOUT_MS_DOC	"The (optional) value in milliseconds for the external authentication provider read timeout."
public static final String	OAUTH_LOGIN_RETRY_BACKOFF_MAX_MS	"confluent.metadata.oauthbearer.login.retry.backoff.max.ms"
public static final String	OAUTH_LOGIN_RETRY_BACKOFF_MAX_MS_DOC	"The (optional) value in milliseconds for the maximum wait between login attempts to the external authentication provider.Oauth/OIDC Login uses an exponential backoff algorithm with an initial wait based on the confluent.metadata.oauthbearer.login.retry.backoff.ms setting and will double in wait length between attempts up to a maximum wait length specified by the confluent.metadata.oauthbearer.sasl.login.retry.backoff.max.ms setting."
public static final String	OAUTH_LOGIN_RETRY_BACKOFF_MS	"confluent.metadata.oauthbearer.login.retry.backoff.ms"
public static final String	OAUTH_LOGIN_RETRY_BACKOFF_MS_DOC	"The (optional) value in milliseconds for the initial wait between login attempts to the external authentication provider.Oauth/OIDC Login uses an exponential backoff algorithm with an initial wait based on the confluent.metadata.oauthbearer.login.retry.backoff.ms setting and will double in wait length between attempts up to a maximum wait length specified by the confluent.metadata.oauthbearer.sasl.login.retry.backoff.max.ms setting."
public static final String	OAUTH_TOKEN_ENDPOINT_URL	"confluent.metadata.oauthbearer.token.endpoint.url"
public static final String	OAUTH_TOKEN_ENDPOINT_URL_DOC	"The URL for the OAuth/OIDC identity provider. If the URL is HTTP(S)-based, it is the issuer\'s token endpoint URL to which requests will be made to login with the specified confluent.metadata.ssl configs."
public static final String	REQUEST_TIMEOUT_MS_CONFIG	"confluent.metadata.request.timeout.ms"
public static final String	REQUEST_TIMEOUT_MS_DOC	"The configuration controls the maximum amount of time the client will wait for the response of a each authorizer request."
public static final String	TOKEN_AUTH_CREDENTIAL_PROP	"confluent.metadata.token.auth.credential"

io.confluent.security.authentication.AuthenticationException

Modifier and Type	Constant Field	Value
public static final String	AUTHENTICATION_EXCEPTION_OCCURRED	"AUTHENTICATION_EXCEPTION_OCCURRED"

io.confluent.security.authentication.AuthenticationExceptionReasonCodes

Modifier and Type	Constant Field	Value
public static final String	AUD_CLAIM_MISMATCH	"AUD_CLAIM_MISMATCH"
public static final String	BAD_POOL_EXTENSION	"IMPROPERLY_FORMATTED_IDENTITY_POOL_EXTENSION"
public static final String	CALLING_RESOURCE_IDENTITY_MISSING_OR_EMPTY	"CALLING_RESOURCE_IDENTITY_MISSING_OR_EMPTY"
public static final String	CLAIM_ISSUER_POOL_FILTER_MISMATCH	"CLAIM_ISSUER_POOL_FILTER_MISMATCH"
public static final String	CLAIMS_POOL_FILTER_MISMATCH	"CLAIMS_POOL_FILTER_MISMATCH"
public static final String	CLUSTER_ID_MISSING_OR_EMPTY	"CLUSTER_ID_MISSING_OR_EMPTY"
public static final String	CLUSTER_NOT_ALLOWED	"CLUSTER_NOT_ALLOWED"
public static final String	CLUSTER_NOT_FOUND	"CLUSTER_NOT_FOUND"
public static final String	CONNECTION_TYPE_FROM_LAT_INVALID	"CONNECTION_TYPE_FROM_LAT_INVALID"
public static final String	DATA_POLICY_DISALLOWED	"DATA_POLICY_DISALLOWED"
public static final String	FAILED_TO_READ_CLAIMS	"FAILED_TO_READ_CLAIMS"
public static final String	IDENTITY_POOL_IDENTITY_CLAIM_ABSENT_IN_CLAIMS	"IDENTITY_POOL_IDENTITY_CLAIM_ABSENT_IN_CLAIMS"
public static final String	IDENTITY_POOL_NOT_FOUND	"IDENTITY_POOL_NOT_FOUND"
public static final String	INCORRECT_AUTHENTICATOR_TYPE	"INCORRECT_AUTHENTICATOR_TYPE"
public static final String	INVALID_POOL_ID	"INVALID_POOL_ID"
public static final String	IPADDRESS_FROM_LAT_INVALID	"IPADDRESS_FROM_LAT_INVALID"
public static final String	ISSUER_INVALID	"ISSUER_INVALID"
public static final String	NETWORK_ID_DISALLOWED	"NETWORK_ID_DISALLOWED"
public static final String	NO_VALID_IDENTITY_POOLS_FOUND	"NO_VALID_IDENTITY_POOLS_FOUND"
public static final String	NO_VALID_IDENTITY_PROVIDER_FOUND	"NO_VALID_IDENTITY_PROVIDER_FOUND"
public static final String	ORG_ID_CLUSTER_ID_MISMATCH	"ORG_ID_CLUSTER_ID_MISMATCH"
public static final String	ORG_ID_POOL_FILTER_MISMATCH	"ORG_ID_POOL_FILTER_MISMATCH"
public static final String	POOL_PROVIDER_LIST_MISMATCH	"LIST_OF_POOLS_HAS_MULTIPLE_PROVIDERS"
public static final String	SNI_ID_CLUSTER_ID_MISMATCH	"SNI_ID_CLUSTER_ID_MISMATCH"
public static final String	TOKEN_ISSUER_CLAIM_ABSENT	"TOKEN_ISSUER_CLAIM_ABSENT"
public static final String	TOKEN_ISSUER_CLAIM_UNRECOGNIZED	"TOKEN_ISSUER_UNRECOGNIZED"
public static final String	TOKEN_PROCESSING_FAILURE	"TOKEN_PROCESSING_FAILURE"
public static final String	TOKEN_VALUE_ABSENT	"TOKEN_VALUE_ABSENT"

io.confluent.security.util.JwtUtils

Modifier and Type	Constant Field	Value
public static final String	CLAIM_USER_ID	"userId"
public static final String	CLAIM_USER_RESOURCE_ID	"userResourceId"
public static final String	OAUTH_JWKS_ENDPOINT	"jwksEndpoint"
public static final String	OAUTH_ORG_ID	"orgId"
public static final String	OAUTH_POOL_ID	"identityPoolId"
public static final String	OAUTH_PROVIDER_ID	"providerId"
public static final String	OAUTH_UNION_OF_POOLS_FLOW	"unionOfPools"

io.confluent.security.util.SecurityContext

Modifier and Type	Constant Field	Value
public static final long	DEFAULT_REQ_ID	-1L
public static final String	REQ_ID	"req_id"