Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bearer token support for Kafka broker to authenticate to use JWKS / Introspection endpoints #217

Merged
merged 1 commit into from
Jan 24, 2024

Conversation

mstruk
Copy link
Contributor

@mstruk mstruk commented Jan 15, 2024

This PR introduces the following configuration options for use when configuring the listener:

  • oauth.server.bearer.token
  • oauth.server.bearer.token.location

The authentication configuration rules for configuring the introspection endpoint have been relaxed. Introspection endpoint can now be unprotected (no authentication configured on the listener) or it can be protected with oauth.client.id and oauth.client.secret to send Basic Authorization header or with the oauth.server.bearer.token or oauth.server.bearer.token.location when sending Bearer Authorization header.

JWKS endpoint can now also be protected in the same way.

@mstruk mstruk added this to the 0.15.0 milestone Jan 15, 2024
…r introspection endpoint

Signed-off-by: Marko Strukelj <marko.strukelj@gmail.com>
@mstruk mstruk marked this pull request as ready for review January 22, 2024 11:35
@mstruk mstruk requested a review from scholzj January 23, 2024 13:57
@mstruk mstruk merged commit 8cfc1d3 into strimzi:main Jan 24, 2024
4 checks passed
@mstruk
Copy link
Contributor Author

mstruk commented Jan 24, 2024

While Travis CI hasn't managed to run, locally running the full testsuite passes fine.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants