Rajini Sivaram created KAFKA-14676:
--------------------------------------

             Summary: Token endpoint URL used for OIDC cannot be set on the JAAS config
                 Key: KAFKA-14676
                 URL: https://issues.apache.org/jira/browse/KAFKA-14676
             Project: Kafka
          Issue Type: Bug
          Components: security
    Affects Versions: 3.3.2, 3.2.3, 3.1.2, 3.4.0
            Reporter: Rajini Sivaram
            Assignee: Rajini Sivaram


Kafka allows multiple clients within a JVM to use different SASL configurations 
by configuring the JAAS configuration in `sasl.jaas.config` instead of the 
JVM-wide system property. For SASL login, we reuse logins within a JVM by 
caching logins indexed by their sasl.jaas.config. This relies on login configs 
being overridable using `sasl.jaas.config`. 

KIP-768 
(https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=186877575) 
added support for OIDC for SASL/OAUTHBEARER. The token endpoint used to acquire 
tokens can currently only be configured using the Kafka config 
`sasl.oauthbearer.token.endpoint.url`. This prevents different clients within a 
JVM from using different URLs. We need to either provide a way to override the 
URL within `sasl.jaas.config` or include more of the client configs in the 
LoginMetadata used as key for cached logins.



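Added example, not part of the original report and not Kafka's own code: a simplified Java model of a login cache keyed by `sasl.jaas.config`, showing that two clients with the same JAAS config but different `sasl.oauthbearer.token.endpoint.url` values share one login unless the URL is part of the cache key. The names `LoginCache`, `Key` and `Login`, the JAAS string and the `idp-a.example` / `idp-b.example` URLs are assumptions constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of a per-JVM login cache (Java 16+ for records).
// Class and method names are hypothetical, not Kafka's.
public class LoginCacheKeyDemo {
    static final String JAAS = "sasl.jaas.config";
    static final String TOKEN_URL = "sasl.oauthbearer.token.endpoint.url";

    // A cached login remembers which token endpoint it was created against.
    record Login(String tokenEndpoint) {}

    // Cache key: the JAAS config alone (tokenEndpoint == null), or JAAS config plus URL.
    record Key(String jaasConfig, String tokenEndpoint) {}

    static final class LoginCache {
        private final Map<Key, Login> logins = new HashMap<>();
        private final boolean keyIncludesEndpoint;

        LoginCache(boolean keyIncludesEndpoint) { this.keyIncludesEndpoint = keyIncludesEndpoint; }

        Login acquire(Map<String, String> clientConfig) {
            String url = clientConfig.get(TOKEN_URL);
            Key key = new Key(clientConfig.get(JAAS), keyIncludesEndpoint ? url : null);
            // The first client to arrive with this key decides which endpoint the shared login uses.
            return logins.computeIfAbsent(key, k -> new Login(url));
        }
    }

    public static void main(String[] args) {
        // Constructed sample configs: identical JAAS entry, different token endpoints.
        String jaas = "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required "
                + "clientId=\"app\" clientSecret=\"<placeholder>\";";
        Map<String, String> clientA = Map.of(JAAS, jaas, TOKEN_URL, "https://idp-a.example/token");
        Map<String, String> clientB = Map.of(JAAS, jaas, TOKEN_URL, "https://idp-b.example/token");

        for (boolean include : new boolean[] {false, true}) {
            LoginCache cache = new LoginCache(include);
            cache.acquire(clientA);
            Login b = cache.acquire(clientB);
            System.out.printf("key includes endpoint=%b -> client B login uses %s%n",
                    include, b.tokenEndpoint());
        }
    }
}
```

With the JAAS-only key, client B is handed the login created for client A's endpoint; with the URL in the key, each client gets its own login.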