Class SpireJwtTokenLoginValidator

java.lang.Object
io.confluent.kafka.clients.plugins.auth.oauth.internals.SpireJwtTokenLoginValidator
All Implemented Interfaces:
Closeable, AutoCloseable, org.apache.kafka.common.security.oauthbearer.internals.secured.OAuthBearerConfigurable, org.apache.kafka.common.security.oauthbearer.JwtValidator
public class SpireJwtTokenLoginValidator extends Object implements org.apache.kafka.common.security.oauthbearer.JwtValidator
A JwtValidator that does basic validation of the JWT retrieved from the Spire Agent. 
It validates following:

 1. `exp` claim is valid (i.e. a non-negative number that is not already expired)
 2. `iat` claim is valid (i.e. a non-negative number that is less than current time)
 3. `sub` claim is valid (i.e. a non-null, non-empty string starting with 'spiffe')

  • Field Details

  • Constructor Details

    • SpireJwtTokenLoginValidator

      public SpireJwtTokenLoginValidator()

  • Method Details

    • validate

      public org.apache.kafka.common.security.oauthbearer.OAuthBearerToken validate(String accessToken) throws org.apache.kafka.common.security.oauthbearer.JwtValidatorException
      Specified by:
      validate in interface org.apache.kafka.common.security.oauthbearer.JwtValidator
      Throws:
      org.apache.kafka.common.security.oauthbearer.JwtValidatorException