[jira] [Commented] (KAFKA-15878) KIP-768: Extend support for opaque (i.e. non-JWT) tokens in SASL/OAUTHBEARER
[ https://issues.apache.org/jira/browse/KAFKA-15878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17822617#comment-17822617 ] Anuj Sharma commented on KAFKA-15878: - [~kirktrue] - thanks so much for assigning the ticket to yourself in the meanwhile. For some reason I don't have access to assign the ticket to myself. I have raised a ticket on apache infra to get this sorted (Though I am not sure if it's the best place to address my query). > KIP-768: Extend support for opaque (i.e. non-JWT) tokens in SASL/OAUTHBEARER > > > Key: KAFKA-15878 > URL: https://issues.apache.org/jira/browse/KAFKA-15878 > Project: Kafka > Issue Type: Improvement > Components: clients >Reporter: Anuj Sharma >Assignee: Kirk True >Priority: Major > Labels: oauth > Fix For: 3.8.0 > > > {code:java} > // code placeholder > {code} > h1. Overview > * This issue pertains to > [SASL/OAUTHBEARER|https://kafka.apache.org/documentation/#security_sasl_oauthbearer] > mechanism of Kafka authentication. > * Kafka clients can use [SASL/OAUTHBEARER > |https://kafka.apache.org/documentation/#security_sasl_oauthbearer]mechanism > by overriding the [custom call back > handlers|https://kafka.apache.org/documentation/#security_sasl_oauthbearer_prod] > . > * > [KIP-768|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=186877575] > available from v3.1 further extends the mechanism with a production grade > implementation. > * Kafka's > [SASL/OAUTHBEARER|https://kafka.apache.org/documentation/#security_sasl_oauthbearer] > mechanism currently {*}rejects the non-JWT (i.e. opaque) tokens{*}. This is > because of a more restrictive set of characters than what > [RFC-6750|https://datatracker.ietf.org/doc/html/rfc6750#section-2.1] > recommends. > * This JIRA can be considered an extension of > [KIP-768|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=186877575] > to support the opaque tokens as well apart from the JWT tokens. > > In summary the following character set should be supported as per the RFC - > {code:java} > 1*( ALPHA / DIGIT / >"-" / "." / "_" / "~" / "+" / "/" ) *"=" > {code} > > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KAFKA-15878) KIP-768: Extend support for opaque (i.e. non-JWT) tokens in SASL/OAUTHBEARER
[ https://issues.apache.org/jira/browse/KAFKA-15878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17821352#comment-17821352 ] Kirk True commented on KAFKA-15878: --- [~philomathanuj]—are you able to assign this Jira to yourself? I stuck it in my queue to make sure it doesn't fall through the cracks. Thanks! > KIP-768: Extend support for opaque (i.e. non-JWT) tokens in SASL/OAUTHBEARER > > > Key: KAFKA-15878 > URL: https://issues.apache.org/jira/browse/KAFKA-15878 > Project: Kafka > Issue Type: Improvement > Components: clients >Reporter: Anuj Sharma >Assignee: Kirk True >Priority: Major > Labels: oauth > Fix For: 3.8.0 > > > {code:java} > // code placeholder > {code} > h1. Overview > * This issue pertains to > [SASL/OAUTHBEARER|https://kafka.apache.org/documentation/#security_sasl_oauthbearer] > mechanism of Kafka authentication. > * Kafka clients can use [SASL/OAUTHBEARER > |https://kafka.apache.org/documentation/#security_sasl_oauthbearer]mechanism > by overriding the [custom call back > handlers|https://kafka.apache.org/documentation/#security_sasl_oauthbearer_prod] > . > * > [KIP-768|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=186877575] > available from v3.1 further extends the mechanism with a production grade > implementation. > * Kafka's > [SASL/OAUTHBEARER|https://kafka.apache.org/documentation/#security_sasl_oauthbearer] > mechanism currently {*}rejects the non-JWT (i.e. opaque) tokens{*}. This is > because of a more restrictive set of characters than what > [RFC-6750|https://datatracker.ietf.org/doc/html/rfc6750#section-2.1] > recommends. > * This JIRA can be considered an extension of > [KIP-768|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=186877575] > to support the opaque tokens as well apart from the JWT tokens. > > In summary the following character set should be supported as per the RFC - > {code:java} > 1*( ALPHA / DIGIT / >"-" / "." / "_" / "~" / "+" / "/" ) *"=" > {code} > > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KAFKA-15878) KIP-768: Extend support for opaque (i.e. non-JWT) tokens in SASL/OAUTHBEARER
[ https://issues.apache.org/jira/browse/KAFKA-15878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17809770#comment-17809770 ] Anuj Sharma commented on KAFKA-15878: - Hi [~kirktrue] , yes that's right. Thanks. > KIP-768: Extend support for opaque (i.e. non-JWT) tokens in SASL/OAUTHBEARER > > > Key: KAFKA-15878 > URL: https://issues.apache.org/jira/browse/KAFKA-15878 > Project: Kafka > Issue Type: Improvement > Components: clients >Reporter: Anuj Sharma >Priority: Major > Labels: oauth > Fix For: 3.8.0 > > > {code:java} > // code placeholder > {code} > h1. Overview > * This issue pertains to > [SASL/OAUTHBEARER|https://kafka.apache.org/documentation/#security_sasl_oauthbearer] > mechanism of Kafka authentication. > * Kafka clients can use [SASL/OAUTHBEARER > |https://kafka.apache.org/documentation/#security_sasl_oauthbearer]mechanism > by overriding the [custom call back > handlers|https://kafka.apache.org/documentation/#security_sasl_oauthbearer_prod] > . > * > [KIP-768|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=186877575] > available from v3.1 further extends the mechanism with a production grade > implementation. > * Kafka's > [SASL/OAUTHBEARER|https://kafka.apache.org/documentation/#security_sasl_oauthbearer] > mechanism currently {*}rejects the non-JWT (i.e. opaque) tokens{*}. This is > because of a more restrictive set of characters than what > [RFC-6750|https://datatracker.ietf.org/doc/html/rfc6750#section-2.1] > recommends. > * This JIRA can be considered an extension of > [KIP-768|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=186877575] > to support the opaque tokens as well apart from the JWT tokens. > > In summary the following character set should be supported as per the RFC - > {code:java} > 1*( ALPHA / DIGIT / >"-" / "." / "_" / "~" / "+" / "/" ) *"=" > {code} > > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KAFKA-15878) KIP-768: Extend support for opaque (i.e. non-JWT) tokens in SASL/OAUTHBEARER
[ https://issues.apache.org/jira/browse/KAFKA-15878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17807866#comment-17807866 ] Kirk True commented on KAFKA-15878: --- [~philomathanuj]—for this to work, I assume the user would have to implement custom callback handlers that use a non-JWT validation approach, correct? > KIP-768: Extend support for opaque (i.e. non-JWT) tokens in SASL/OAUTHBEARER > > > Key: KAFKA-15878 > URL: https://issues.apache.org/jira/browse/KAFKA-15878 > Project: Kafka > Issue Type: Improvement > Components: clients >Reporter: Anuj Sharma >Priority: Major > Labels: oauth > Fix For: 3.8.0 > > > {code:java} > // code placeholder > {code} > h1. Overview > * This issue pertains to > [SASL/OAUTHBEARER|https://kafka.apache.org/documentation/#security_sasl_oauthbearer] > mechanism of Kafka authentication. > * Kafka clients can use [SASL/OAUTHBEARER > |https://kafka.apache.org/documentation/#security_sasl_oauthbearer]mechanism > by overriding the [custom call back > handlers|https://kafka.apache.org/documentation/#security_sasl_oauthbearer_prod] > . > * > [KIP-768|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=186877575] > available from v3.1 further extends the mechanism with a production grade > implementation. > * Kafka's > [SASL/OAUTHBEARER|https://kafka.apache.org/documentation/#security_sasl_oauthbearer] > mechanism currently {*}rejects the non-JWT (i.e. opaque) tokens{*}. This is > because of a more restrictive set of characters than what > [RFC-6750|https://datatracker.ietf.org/doc/html/rfc6750#section-2.1] > recommends. > * This JIRA can be considered an extension of > [KIP-768|https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=186877575] > to support the opaque tokens as well apart from the JWT tokens. > > In summary the following character set should be supported as per the RFC - > {code:java} > 1*( ALPHA / DIGIT / >"-" / "." / "_" / "~" / "+" / "/" ) *"=" > {code} > > > -- This message was sent by Atlassian Jira (v8.20.10#820010)