Skip to content

Add option to supply oauth scopes for kafka auth #4837

New issue
New issue
Open
Open
Add option to supply oauth scopes for kafka auth#4837
Assignees
jsenkocarlesarnal
Labels
area/storagepriority/normaltype/enhancementNew feature or requestversion/3.x
Milestone
 
3.x
@pegtrifork

Description

@pegtrifork
pegtrifork
opened on Jul 1, 2024

Feature or Problem Description

You are currently only able to supply client id, client secret and token endpoint when using sasl mechanism OAUTHBEARER.
However many identity providers requires you to supply a specific set of scopes to get a token with the desired claims.

Proposed Solution

A "apicurio.kafkasql.security.sasl.scope" config parameter in https://github.com/Apicurio/apicurio-registry/blob/main/app/src/main/java/io/apicurio/registry/storage/impl/kafkasql/KafkaSqlFactory.java
And possibly other configurations which can be used in the LoginCallbackHandler. For reference see https://github.com/strimzi/strimzi-kafka-oauth/blob/main/oauth-client/src/main/java/io/strimzi/kafka/oauth/client/JaasClientOauthLoginCallbackHandler.java which is the default in application.properties

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

Labels

area/storagepriority/normaltype/enhancementNew feature or requestversion/3.x

Type

No type

Projects

Registry 3.0

  • Status

    Backlog

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions