I created KIP-255: OAuth Authentication via SASL/OAUTHBEARER
This KIP proposes adding the ability to authenticate to Kafka with OAuth 2
bearer tokens using the OAUTHBEARER SASL mechanism.
The code blocks in the KIP all reflect the implementation at
Feel free to look there for more details if the code blocks whet your
appetite for more. Everything described in the KIP as currently worded is
implemented there (77% code coverage with tests) except for the ability to
perform substitution in JAAS config module options.