Anuj Sharma created KAFKA-15878:
-----------------------------------
Summary: KIP-768: Extend support for opaque (i.e. non-JWT) tokens
in SASL/OAUTHBEARER
Key: KAFKA-15878
URL: https://issues.apache.org/jira/browse/KAFKA-15878
Project: Kafka
Issue Type: Improvement
Components: clients
Reporter: Anuj Sharma
{code:java}
// code placeholder
{code}
h1. Overview
* This issue pertains to
[SASL/OAUTHBEARER|https://kafka.apache.org/documentation/#security_sasl_oauthbearer]
mechanism of Kafka authentication.
* Kafka clients can use [SASL/OAUTHBEARER
|https://kafka.apache.org/documentation/#security_sasl_oauthbearer]mechanism by
overriding the [custom call back
handlers|https://kafka.apache.org/documentation/#security_sasl_oauthbearer_prod]
.
*
[KIP-768|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=186877575]
available from v3.1 further extends the mechanism with a production grade
implementation.
* Kafka's
[SASL/OAUTHBEARER|https://kafka.apache.org/documentation/#security_sasl_oauthbearer]
mechanism currently {*}rejects the non-JWT (i.e. opaque) tokens{*}. This is
because of a more restrictive set of characters than what
[RFC-6750|https://datatracker.ietf.org/doc/html/rfc6750#section-2.1]
recommends.
* This JIRA can be considered an extension of
[KIP-768|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=186877575]
to support the opaque tokens as well apart from the JWT tokens.
In summary the following character set should be supported as per the RFC -
{code:java}
1*( ALPHA / DIGIT /
"-" / "." / "_" / "~" / "+" / "/" ) *"="
{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
