Sushant Mahajan created KAFKA-15077:
---------------------------------------
Summary: FileTokenRetriever does trim the token before returning
it.
Key: KAFKA-15077
URL: https://issues.apache.org/jira/browse/KAFKA-15077
Project: Kafka
Issue Type: Bug
Components: clients
Reporter: Sushant Mahajan
The {{FileTokenRetriever}} class is used to read the access_token from a file
on the clients system and then the info is passed along with jaas config to the
{{{}OAuthBearerSaslServer{}}}.
The server uses the class {{OAuthBearerClientInitialResponse}} to validate the
token format.
In case the token was sent using {{FileTokenRetriever}} on the client side,
some EOL character is getting appended to the token, causing authentication to
fail with the message:
{{ERROR org.apache.kafka.common.errors.SaslAuthenticationException:
Authentication failed during authentication due to invalid credentials with
SASL mechanism OAUTHBEARER (kafka.admin.TopicCommand$)}}
On the server side the following line
[https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/common/security/oauthbearer/internals/OAuthBearerClientInitialResponse.java#L68]
with throw an exception failing the request.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
