Does current version support oauthbearer/OIDC? #238

Open
leiwang008 opened this issue Jul 8, 2024 · 1 comment

leiwang008 commented Jul 8, 2024

I saw that some oauthbearer/OIDC related constants are defined in file

* Set to "default" or "oidc" to control which login method to be used.

"sasl.oauthbearer.method"
"sasl.oauthbearer.client.id"
"sasl.oauthbearer.client.secret"
"sasl.oauthbearer.scope"
"sasl.oauthbearer.token.endpoint.url"

I saw in the readme file, it says
By now, modern-cpp-kafka is compatible with librdkafka v2.4.0.
I also checked the source code of librdkafka 2.4.0, it already supports the "oauthbearer/OIDC".
So I guess that oauthbearer/OIDC is also supported in modern-cpp-kafka, right?

In the KafkaClient.h, you provide the custom callback to parse the token.

    // OAUTHBEARER Token Refresh Callback
    if (properties.contains(Config::OAUTHBEARER_TOKEN_REFRESH_CB))
    {
        setOauthbearerTokenRefreshCallback(properties.get<OauthbearerTokenRefreshCallback>(Config::OAUTHBEARER_TOKEN_REFRESH_CB));

        rd_kafka_conf_set_oauthbearer_token_refresh_cb(rk_conf.get(), KafkaClient::oauthbearerTokenRefreshCallback);
    }

In my code, I have implemented the custom token callback to parse a JSON-format token, something like

    {"Token":"", "PrincipalName":"", "LeftTimeMS": 9999999999999, "extensions": {"a":"val", "b":"val"}}

and it worked correctly with the unsecure token or with the azure-oidc token.

I would like to know if the current version supports oauthbearer/OIDC. If yes, do we have any example of how to use it?

From my reading, I guess that we just need to set those properties in the kafka config
"sasl.oauthbearer.method"
"sasl.oauthbearer.client.id"
"sasl.oauthbearer.client.secret"
"sasl.oauthbearer.scope"
"sasl.oauthbearer.token.endpoint.url"

and the "sasl.oauthbearer.method" should be set to "oidc" and it will work, right? The kafka-oidc implementation will override my custom token callback, right?

leiwang008 (Author) commented

Don't worry about this question, I got it working. Just set these properties and it works. But we probably should not set the Config::OAUTHBEARER_TOKEN_REFRESH_CB if we use "oidc"; it will cause chaos.
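
A pre-flight check for the setup discussed in this thread, added here as an example (not code from modern-cpp-kafka or librdkafka): it cross-checks the `sasl.oauthbearer.*` properties and flags a custom token refresh callback combined with `"oidc"`. `ConfigMap`, `checkOauthbearerConfig`, the https-only rule and the sample values are assumptions of this example.

```cpp
#include <initializer_list>
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Stand-in for the client's key/value properties (type assumed for this example).
using ConfigMap = std::map<std::string, std::string>;

static std::string valueOf(const ConfigMap& cfg, const std::string& key)
{
    auto it = cfg.find(key);
    return it == cfg.end() ? std::string() : it->second;
}

// Returns the problems found in an OAUTHBEARER setup; an empty list means it is consistent.
// customRefreshCbSet: whether the application also registered its own token refresh callback.
std::vector<std::string> checkOauthbearerConfig(const ConfigMap& cfg, bool customRefreshCbSet)
{
    std::vector<std::string> problems;
    const std::string method = valueOf(cfg, "sasl.oauthbearer.method");
    if (method.empty() || method == "default") return problems;  // callback-driven login, nothing to cross-check
    if (method != "oidc") {
        problems.push_back("sasl.oauthbearer.method must be \"default\" or \"oidc\"");
        return problems;
    }
    // A second token source next to "oidc" is the conflict reported in the thread.
    if (customRefreshCbSet)
        problems.push_back("custom token refresh callback set together with method=oidc");
    // Values the OIDC login needs in order to request a token.
    for (const char* key : {"sasl.oauthbearer.client.id", "sasl.oauthbearer.client.secret",
                            "sasl.oauthbearer.token.endpoint.url"})
        if (valueOf(cfg, key).empty())
            problems.push_back(std::string("missing ") + key);
    // Policy of this example: the client secret is sent to the token endpoint, so require TLS.
    const std::string url = valueOf(cfg, "sasl.oauthbearer.token.endpoint.url");
    if (!url.empty() && url.rfind("https://", 0) != 0)
        problems.push_back("token endpoint is not https");
    return problems;
}

int main()
{
    // Constructed sample values, not taken from the thread.
    ConfigMap cfg = {{"sasl.oauthbearer.method", "oidc"},
                     {"sasl.oauthbearer.client.id", "constructed-client"},
                     {"sasl.oauthbearer.token.endpoint.url", "http://idp.example.invalid/token"}};
    for (const auto& p : checkOauthbearerConfig(cfg, true)) std::cout << p << "\n";
}
```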
