[
https://issues.apache.org/jira/browse/KAFKA-13202?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kirk True updated KAFKA-13202:
------------------------------
Labels: OAuth (was: )
> KIP-768: Extend SASL/OAUTHBEARER with Support for OIDC
> ------------------------------------------------------
>
> Key: KAFKA-13202
> URL: https://issues.apache.org/jira/browse/KAFKA-13202
> Project: Kafka
> Issue Type: New Feature
> Components: clients, security
> Reporter: Kirk True
> Assignee: Kirk True
> Priority: Major
> Labels: OAuth
> Fix For: 3.1.0
>
>
> This task is to provide a concrete implementation of the interfaces defined
> in
> [KIP-255|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=75968876]
> to allow Kafka to connect to an [OAuth|https://en.wikipedia.org/wiki/OAuth]
> / [OIDC|https://en.wikipedia.org/wiki/OpenID#OpenID_Connect_(OIDC)] identity
> provider for authentication and token retrieval. While KIP-255 provides an
> unsecured JWT example for development, this will fill in the gap and provide
> a production-grade implementation.
> The OAuth/OIDC work will allow out-of-the-box configuration by any Apache
> Kafka users to connect to an external identity provider service (e.g. Okta,
> Auth0, Azure, etc.). The code will implement the standard OAuth
> {{clientcredentials}} grant type.
> The proposed change is largely composed of a pair of
> {{AuthenticateCallbackHandler}} implementations: one to login on the client
> and one to validate on the broker.
> See [KIP-768: Extend SASL/OAUTHBEARER with Support for
> OIDC|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=186877575]
> for more detail.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
