[ https://issues.apache.org/jira/browse/KAFKA-15077?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Manikumar updated KAFKA-15077: ------------------------------ Fix Version/s: 3.6.0 > FileTokenRetriever does trim the token before returning it. > ----------------------------------------------------------- > > Key: KAFKA-15077 > URL: https://issues.apache.org/jira/browse/KAFKA-15077 > Project: Kafka > Issue Type: Bug > Components: clients > Reporter: Sushant Mahajan > Assignee: Sushant Mahajan > Priority: Minor > Fix For: 3.6.0 > > Original Estimate: 1h > Remaining Estimate: 1h > > The {{FileTokenRetriever}} class is used to read the access_token from a file > on the clients system and then the info is passed along with jaas config to > the {{{}OAuthBearerSaslServer{}}}. > The server uses the class {{OAuthBearerClientInitialResponse}} to validate > the token format. > In case the token was sent using {{FileTokenRetriever}} on the client side, > some EOL character is getting appended to the token, causing authentication > to fail with the message (in case to topic create): > {{ERROR org.apache.kafka.common.errors.SaslAuthenticationException: > Authentication failed during authentication due to invalid credentials with > SASL mechanism OAUTHBEARER}} > > On the server side the following line > [https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/common/security/oauthbearer/internals/OAuthBearerClientInitialResponse.java#L68] > with throw an exception failing the request. -- This message was sent by Atlassian Jira (v8.20.10#820010)