[GitHub] [pulsar] hi-rustin commented on issue #20367: [Bug] HTTP 401 Unauthorized with okta

Tue, 23 May 2023 23:46:17 -0700 


hi-rustin commented on issue #20367:
URL: https://github.com/apache/pulsar/issues/20367#issuecomment-1560542582

   Got it. 
   Thanks for your help!  💚 💙 💜 💛 ❤️
   
   I finally fixed it.
   
   My current solution:
   1. Use Auth0 instead of okta, because I can not find the sign secret from 
okta.
   2. Create a test API on Auth0 and use its test application. 
   3. Correct the docker-compose.yaml:
   ```yaml
   version: '3.5'
   
   services:
     standalone:
       container_name: standalone
       hostname: localhost
       image: streamnative/sn-pulsar:2.10.3.7
       command: >
         bash /waitForOAuth.sh
       environment:
         allowAutoTopicCreationType: partitioned
         brokerDeleteInactiveTopicsEnabled: "false"
         PULSAR_PREFIX_saslAllowedMechanisms: OAUTHBEARER
         PULSAR_PREFIX_kopOauth2AuthenticateCallbackHandler: 
io.streamnative.pulsar.handlers.kop.security.oauth.OauthValidatorCallbackHandler
         PULSAR_PREFIX_kopOauth2ConfigFile: /conf/kop-handler.properties
         PULSAR_PREFIX_messagingProtocols: kafka
         PULSAR_PREFIX_kafkaListeners: SASL_PLAINTEXT://0.0.0.0:9092
         PULSAR_PREFIX_kafkaAdvertisedListeners: 
SASL_PLAINTEXT://10.xxxx.27:19092
         PULSAR_PREFIX_brokerEntryMetadataInterceptors: 
org.apache.pulsar.common.intercept.AppendIndexMetadataInterceptor
         PULSAR_PREFIX_authenticationEnabled: true
         PULSAR_PREFIX_authenticationProviders: 
org.apache.pulsar.broker.authentication.AuthenticationProviderToken
         PULSAR_PREFIX_brokerClientAuthenticationPlugin: 
org.apache.pulsar.client.impl.auth.oauth2.AuthenticationOAuth2
         PULSAR_PREFIX_brokerClientAuthenticationParameters: 
"{\"type\":\"client_credentials\",\"privateKey\":\"/conf/client_credentials.json\",\"issuerUrl\":\"https://dev-ys3xxxxxxui44.us.auth0.com\";,
 \"audience\": \"pulsar\"}"
         PULSAR_PREFIX_tokenSecretKey: "data:;base64,signing-secret-from-auth0"
         LOGGING_LEVEL: debug
       ports:
         - 6650:6650
         - 8080:8080
         - 19092:9092
       volumes:
         - ./client_credentials.json:/conf/client_credentials.json
         - ./kop-handler.properties:/conf/kop-handler.properties
         - ./waitForOAuth.sh:/waitForOAuth.sh
         - ./secret.key:/conf/secret.key
   ```
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to