Skip to content

Clarify OAuth issuer checking documentation #12776

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
won-seoop wants to merge 1 commit into
base: main
Choose a base branch
from
+4 −1
Open

Clarify OAuth issuer checking documentation #12776

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion documentation/modules/oauth/con-oauth-server-config.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,9 @@ To enable OAuth 2.0 token-based authentication on a Kafka listener, configure th

All OAuth 2.0 validation settings (such as JWKS or token introspection) are provided through the JAAS configuration string inside the listener configuration.

If you disable issuer checking by setting `oauth.check.issuer="false"`, do not configure `oauth.valid.issuer.uri`.
When `oauth.valid.issuer.uri` is configured, the issuer is checked against that value.

=== JWT validation example

The following example shows a minimal listener configuration that validates JSON Web Tokens (JWTs) using a JWKS endpoint.
Expand Down Expand Up @@ -149,4 +152,4 @@ To configure HTTP Bearer authentication, set one of the following properties:
* `oauth.server.bearer.token` to specify the bearer token in clear text.

NOTE: In production environments, avoid storing credentials or bearer tokens in clear text.
Use a secure mechanism to provide these values to the broker.
Use a secure mechanism to provide these values to the broker.
Loading