Interface JwtValidator
- All Superinterfaces:
AutoCloseable,Closeable,org.apache.kafka.common.security.oauthbearer.internals.secured.OAuthBearerConfigurable
- All Known Implementing Classes:
BrokerJwtValidator,ClientJwtValidator,DefaultJwtValidator
public interface JwtValidator
extends org.apache.kafka.common.security.oauthbearer.internals.secured.OAuthBearerConfigurable
An instance of
JwtValidator acts as a function object that, given an access
token in base-64 encoded JWT format, can parse the data, perform validation, and construct an
OAuthBearerToken for use by the caller.
The primary reason for this abstraction is that client and broker may have different libraries
available to them to perform these operations. Additionally, the exact steps for validation may
differ between implementations. To put this more concretely: the implementation in the Kafka
client does not have bundled a robust library to perform this logic, and it is not the
responsibility of the client to perform vigorous validation. However, the Kafka broker ships with
a richer set of library dependencies that can perform more substantial validation and is also
expected to perform a trust-but-verify test of the access token's signature.
See:
-
Method Summary
Modifier and TypeMethodDescriptionAccepts an OAuth JWT access token in base-64 encoded format, validates, and returns an OAuthBearerToken.Methods inherited from interface org.apache.kafka.common.security.oauthbearer.internals.secured.OAuthBearerConfigurable
close, configure
-
Method Details
-
validate
Accepts an OAuth JWT access token in base-64 encoded format, validates, and returns an OAuthBearerToken.- Parameters:
accessToken- Non-nullJWT access token- Returns:
OAuthBearerToken- Throws:
JwtValidatorException- Thrown on errors performing validation of given token
-