[ https://issues.apache.org/jira/browse/KAFKA-7462?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dong Lin updated KAFKA-7462:
----------------------------
    Fix Version/s:     (was: 2.1.0)
                   2.2.0

> Kafka brokers cannot provide OAuth without a token
> --------------------------------------------------
>
>                 Key: KAFKA-7462
>                 URL: https://issues.apache.org/jira/browse/KAFKA-7462
>             Project: Kafka
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.0.0
>            Reporter: Rajini Sivaram
>            Priority: Major
>             Fix For: 2.2.0
>
>
> Like all other SASL mechanisms, OAUTHBEARER uses the same LoginModule 
> class on both the server-side and the client-side. But unlike PLAIN or SCRAM, 
> where client credentials are optional, OAUTHBEARER always requires a 
> token. So while with PLAIN/SCRAM the broker only needs to specify client 
> credentials if the mechanism is used for inter-broker communication, with 
> OAuth the broker requires client credentials even if OAuth is not used for 
> inter-broker communication. This is an issue with the default 
> `OAuthBearerUnsecuredLoginCallbackHandler` used on both the client-side and 
> the server-side. But more critically, it is an issue with 
> `OAuthBearerLoginModule`, which doesn't commit if token == null (commit() 
> returns false).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)