Package org.apache.kafka.common.security.oauthbearer.secured

Interface AccessTokenValidator

All Known Implementing Classes:

LoginAccessTokenValidator, ValidatorAccessTokenValidator

public interface AccessTokenValidator

An instance of AccessTokenValidator acts as a function object that, given an access token in base-64 encoded JWT format, can parse the data, perform validation, and construct an OAuthBearerToken for use by the caller. The primary reason for this abstraction is that client and broker may have different libraries available to them to perform these operations. Additionally, the exact steps for validation may differ between implementations. To put this more concretely: the implementation in the Kafka client does not have bundled a robust library to perform this logic, and it is not the responsibility of the client to perform vigorous validation. However, the Kafka broker ships with a richer set of library dependencies that can perform more substantial validation and is also expected to perform a trust-but-verify test of the access token's signature. See:

• RFC 6749, Section 1.4
• RFC 6750, Section 2.1
• RFC 6750, Section 2.1

See Also:

• A basic AccessTokenValidator used by client-side login authentication
• A more robust AccessTokenValidator that is used on the broker to validate the token's contents and verify the signature

Method Summary

Modifier and Type	Method	Description
OAuthBearerToken	validate(String accessToken)	Accepts an OAuth JWT access token in base-64 encoded format, validates, and returns an OAuthBearerToken.

Method Details

validate

OAuthBearerToken validate(String accessToken)
                   throws ValidateException

Accepts an OAuth JWT access token in base-64 encoded format, validates, and returns an OAuthBearerToken.

Parameters:

accessToken - Non-null JWT access token

Returns:

OAuthBearerToken

Throws:

ValidateException - Thrown on errors performing validation of given token