[ https://issues.apache.org/jira/browse/KAFKA-7462?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rajini Sivaram resolved KAFKA-7462.
-----------------------------------
       Resolution: Fixed
    Fix Version/s:     (was: 2.2.0)
                   2.1.0

> Kafka brokers cannot provide OAuth without a token
> --------------------------------------------------
>
>                 Key: KAFKA-7462
>                 URL: https://issues.apache.org/jira/browse/KAFKA-7462
>             Project: Kafka
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.0.0
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>            Priority: Major
>             Fix For: 2.1.0
>
>
> Like with all other SASL mechanisms, OAUTHBEARER uses the same LoginModule
> class on both server-side and the client-side. But unlike PLAIN or SCRAM
> where client credentials are optional, OAUTHBEARER always requires a
> token. So while with PLAIN/SCRAM, broker only needs to specify client
> credentials if the mechanism is used for inter-broker communication, with
> OAuth, broker requires client credentials even if OAuth is not used for
> inter-broker communication. This is an issue with the default
> `OAuthBearerUnsecuredLoginCallbackHandler` used on both client-side and
> server-side. But more critically, it is an issue with
> `OAuthBearerLoginModule` which doesn't commit if token == null (commit()
> returns false).

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
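
The failure mode described in the report, as an added example (not code from Kafka or from the reporter): a hypothetical `TokenModule` stands in for a login module whose `commit()` returns false when no token is configured, and the standard JAAS `LoginContext` treats that return value as "ignore this module" and fails the login when every module was ignored. The class names, the `token` option and the sample token value are assumptions made for illustration.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class CommitFalseDemo {
    /** Hypothetical module modelling the reported behaviour: no token, no commit. */
    public static class TokenModule implements LoginModule {
        private Subject subject;
        private String token;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            subject = s;
            token = (String) opts.get("token"); // null when the broker only validates client tokens
        }
        public boolean login() { return true; }
        public boolean commit() {
            if (token == null) return false;    // JAAS reads false as "ignore this module"
            subject.getPrivateCredentials().add(token);
            return true;
        }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    /** Runs a JAAS login with TokenModule as the only (REQUIRED) module. */
    static String tryLogin(Map<String, String> options) {
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    TokenModule.class.getName(), LoginModuleControlFlag.REQUIRED, options) };
            }
        };
        try {
            new LoginContext("KafkaServer", new Subject(), null, cfg).login();
            return "login ok";
        } catch (LoginException e) {
            return "login failed: " + e.getMessage();
        }
    }
    public static void main(String[] args) {
        System.out.println("broker, no token : " + tryLogin(Map.of()));
        System.out.println("client, token set: " + tryLogin(Map.of("token", "constructed-sample-token")));
    }
}
```

Run with Java 9 or later; the first call fails in the commit phase even though `login()` returned true, which is why a module that serves only as the server-side entry point must still be able to commit without a token.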