Package org.apache.kafka.common.security.oauthbearer

Class OAuthBearerExtensionsValidatorCallback

java.lang.Object
org.apache.kafka.common.security.oauthbearer.CommonExtensionsValidatorCallback
org.apache.kafka.common.security.oauthbearer.OAuthBearerExtensionsValidatorCallback
All Implemented Interfaces:
Callback, Contextable
public class OAuthBearerExtensionsValidatorCallback extends CommonExtensionsValidatorCallback
A Callback for use by the SaslServer implementation when it needs to validate the SASL extensions for the OAUTHBEARER mechanism Callback handlers should use the CommonExtensionsValidatorCallback.valid(String) method to communicate valid extensions back to the SASL server. Callback handlers should use the CommonExtensionsValidatorCallback.error(String, String) method to communicate validation errors back to the SASL Server. As per RFC-7628 (https://tools.ietf.org/html/rfc7628#section-3.1), unknown extensions must be ignored by the server. The callback handler implementation should simply ignore unknown extensions, not calling CommonExtensionsValidatorCallback.error(String, String) nor CommonExtensionsValidatorCallback.valid(String). Callback handlers should communicate other problems by raising an IOException.

The OAuth bearer token is provided in the callback for better context in extension validation. It is very important that token validation is done in its own OAuthBearerValidatorCallback irregardless of provided extensions, as they are inherently insecure.

  • Constructor Details

    • OAuthBearerExtensionsValidatorCallback

      public OAuthBearerExtensionsValidatorCallback(OAuthBearerToken token, SaslExtensions extensions, io.confluent.kafka.util.ClientContext context)

    • OAuthBearerExtensionsValidatorCallback

      public OAuthBearerExtensionsValidatorCallback(OAuthBearerToken token, SaslExtensions extensions)

  • Method Details