[ https://issues.apache.org/jira/browse/KAFKA-14676?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rajini Sivaram resolved KAFKA-14676. ------------------------------------ Fix Version/s: 3.5.0 3.4.1 3.3.3 Reviewer: Manikumar Resolution: Fixed > Token endpoint URL used for OIDC cannot be set on the JAAS config > ----------------------------------------------------------------- > > Key: KAFKA-14676 > URL: https://issues.apache.org/jira/browse/KAFKA-14676 > Project: Kafka > Issue Type: Bug > Components: security > Affects Versions: 3.1.2, 3.4.0, 3.2.3, 3.3.2 > Reporter: Rajini Sivaram > Assignee: Rajini Sivaram > Priority: Major > Fix For: 3.5.0, 3.4.1, 3.3.3 > > > Kafka allows multiple clients within a JVM to use different SASL > configurations by configuring the JAAS configuration in `sasl.jaas.config` > instead of the JVM-wide system property. For SASL login, we reuse logins > within a JVM by caching logins indexed by their sasl.jaas.config. This relies > on login configs being overridable using `sasl.jaas.config`. > KIP-768 > ([https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=186877575)] > added support for OIDC for SASL/OAUTHBEARER. The token endpoint used to > acquire tokens can currently only be configured using the Kafka config > `sasl.oauthbearer.token.endpoint.url`. This prevents different clients within > a JVM from using different URLs. We need to either provide a way to override > the URL within `sasl.jaas.config` or include more of the client configs in > the LoginMetadata used as key for cached logins. -- This message was sent by Atlassian Jira (v8.20.10#820010)