[jira] [Updated] (KAFKA-20584) issue in SASL oauthbearer flow for kraft version in kafka 4.2

Kalyan Ram chowdary purimetla (Jira) Thu, 14 May 2026 21:39:10 -0700


     [ 
https://issues.apache.org/jira/browse/KAFKA-20584?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Kalyan Ram chowdary purimetla updated KAFKA-20584:
--------------------------------------------------
    Description: 
* We are testing the SASL oauth bearer for our requirements in the project 
 * We are facing some issues while trying to deploy with kafka 4.2 and are 
facing some issues in accessing with the tokens 

Server side properties are as follows 
{code:java}
listeners=SASL_PLAINTEXT://:9092,CONTROLLER://:9093
advertised.listeners=SASL_PLAINTEXT://localhost:9092,CONTROLLER://localhost:9093

# Add this line to resolve the error
inter.broker.listener.name=SASL_PLAINTEXT
sasl.enabled.mechanisms=OAUTHBEARER
sasl.mechanism.inter.broker.protocol=OAUTHBEARER
listener.name.sasl_plaintext.oauthbearer.sasl.server.callback.handler.class=org.apache.kafka.common.security.oauthbearer.OAuthBearerValidatorCallbackHandler
 
listener.name.sasl_plaintext.oauthbearer.sasl.oauthbearer.jwks.endpoint.url=<jwk_url>
 {code}
 * Consumer side properties as follows 
{code:java}
sasl.jaas.config: 
org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required ;  
  security.protocol: SASL_PLAINTEXT       
sasl.mechanism: OAUTHBEARER       
sasl.login.callback.handler.class:org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginCallbackHandler
       
sasl.oauthbearer.jwt.retriever.class:org.apache.kafka.common.security.oauthbearer.ClientCredentialsJwtRetriever
       
sasl.oauthbearer.client.credentials.client.id: xxxxxxx       
sasl.oauthbearer.client.credentials.client.secret: xxxxxxxxx       
sasl.oauthbearer.scope: <scope>       
sasl.oauthbearer.token.endpoint.url: <access_token_url> 

{code}
 

 * Error logs are in the attachements

  was:
* We are testing the SASL oauth bearer for our requirements in the project 
 * We are facing some issues while trying to deploy with kafka 4.2 and are 
facing some issues in accessing with the tokens 

Server side properties are as follows 
{code:java}
listeners=SASL_PLAINTEXT://:9092,CONTROLLER://:9093
advertised.listeners=SASL_PLAINTEXT://localhost:9092,CONTROLLER://localhost:9093

# Add this line to resolve the error
inter.broker.listener.name=SASL_PLAINTEXT
sasl.enabled.mechanisms=OAUTHBEARER
sasl.mechanism.inter.broker.protocol=OAUTHBEARER
listener.name.sasl_plaintext.oauthbearer.sasl.server.callback.handler.class=org.apache.kafka.common.security.oauthbearer.OAuthBearerValidatorCallbackHandler
 
listener.name.sasl_plaintext.oauthbearer.sasl.oauthbearer.jwks.endpoint.url=https://idcs-7d84fbd4d3f0434eb0f070fd3dd65fbf.identity.pint.oc9qadev.com:443/admin/v1/SigningCert/jwk
 {code}
 * Consumer side properties as follows 
{code:java}
sasl.jaas.config: 
org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required ;  
  security.protocol: SASL_PLAINTEXT       
sasl.mechanism: OAUTHBEARER       
sasl.login.callback.handler.class:org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginCallbackHandler
       
sasl.oauthbearer.jwt.retriever.class:org.apache.kafka.common.security.oauthbearer.ClientCredentialsJwtRetriever
       
sasl.oauthbearer.client.credentials.client.id: xxxxxxx       
sasl.oauthbearer.client.credentials.client.secret: xxxxxxxxx       
sasl.oauthbearer.scope: <scope>       
sasl.oauthbearer.token.endpoint.url: <access_token_url> 

{code}
 

 * Error logs are in the attachements


> issue in SASL oauthbearer flow for kraft version in kafka 4.2
> -------------------------------------------------------------
>
>                 Key: KAFKA-20584
>                 URL: https://issues.apache.org/jira/browse/KAFKA-20584
>             Project: Kafka
>          Issue Type: Bug
>         Environment: Linux
>            Reporter: Kalyan Ram chowdary purimetla
>            Priority: Major
>         Attachments: error-logs.txt
>
>
> * We are testing the SASL oauth bearer for our requirements in the project 
>  * We are facing some issues while trying to deploy with kafka 4.2 and are 
> facing some issues in accessing with the tokens 
> Server side properties are as follows 
> {code:java}
> listeners=SASL_PLAINTEXT://:9092,CONTROLLER://:9093
> advertised.listeners=SASL_PLAINTEXT://localhost:9092,CONTROLLER://localhost:9093
> # Add this line to resolve the error
> inter.broker.listener.name=SASL_PLAINTEXT
> sasl.enabled.mechanisms=OAUTHBEARER
> sasl.mechanism.inter.broker.protocol=OAUTHBEARER
> listener.name.sasl_plaintext.oauthbearer.sasl.server.callback.handler.class=org.apache.kafka.common.security.oauthbearer.OAuthBearerValidatorCallbackHandler
>  
> listener.name.sasl_plaintext.oauthbearer.sasl.oauthbearer.jwks.endpoint.url=<jwk_url>
>  {code}
>  * Consumer side properties as follows 
> {code:java}
> sasl.jaas.config: 
> org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required 
> ;    security.protocol: SASL_PLAINTEXT       
> sasl.mechanism: OAUTHBEARER       
> sasl.login.callback.handler.class:org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginCallbackHandler
>        
> sasl.oauthbearer.jwt.retriever.class:org.apache.kafka.common.security.oauthbearer.ClientCredentialsJwtRetriever
>        
> sasl.oauthbearer.client.credentials.client.id: xxxxxxx       
> sasl.oauthbearer.client.credentials.client.secret: xxxxxxxxx       
> sasl.oauthbearer.scope: <scope>       
> sasl.oauthbearer.token.endpoint.url: <access_token_url> 
> {code}
>  
>  * Error logs are in the attachements



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (KAFKA-20584) issue in SASL oauthbearer flow for kraft version in kafka 4.2

Reply via email to