Kirk True created KAFKA-13202:
---------------------------------
Summary: KIP-768: Extend SASL/OAUTHBEARER with Support for OIDC
Key: KAFKA-13202
URL: https://issues.apache.org/jira/browse/KAFKA-13202
Project: Kafka
Issue Type: New Feature
Components: clients, security
Reporter: Kirk True
Assignee: Kirk True
This task is to provide a concrete implementation of the interfaces defined in
[KIP-255|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=75968876]
to allow Kafka to connect to an [OAuth|https://en.wikipedia.org/wiki/OAuth] /
[OIDC|https://en.wikipedia.org/wiki/OpenID#OpenID_Connect_(OIDC)] identity
provider for authentication and token retrieval. While KIP-255 provides an
unsecured JWT example for development, this will fill in the gap and provide a
production-grade implementation.
The OAuth/OIDC work will allow out-of-the-box configuration by any Apache Kafka
users to connect to an external identity provider service (e.g. Okta, Auth0,
Azure, etc.). The code will implement the standard OAuth {{clientcredentials}}
grant type.
The proposed change is largely composed of a pair of
{{AuthenticateCallbackHandler}} implementations: one to login on the client and
one to validate on the broker.
See [KIP-768: Extend SASL/OAUTHBEARER with Support for
OIDC|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=186877575]
for more detail.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
