Package org.apache.kafka.common.security.oauthbearer

package org.apache.kafka.common.security.oauthbearer

Provides a LoginModule for using OAuth Bearer Token authentication with Kafka clusters.

Class	Description
BrokerJwtValidator	BrokerJwtValidator is an implementation of JwtValidator that is used by the broker to perform more extensive validation of the JWT access token that is received from the client, but ultimately from posting the client credentials to the OAuth/OIDC provider's token endpoint.
BrokerJwtValidator.ClaimSupplier<T>
ClientCredentialsJwtRetriever	ClientCredentialsJwtRetriever is a JwtRetriever that performs the steps to request a JWT from an OAuth/OIDC identity provider using the client_credentials grant type.
ClientJwtValidator	ClientJwtValidator is an implementation of JwtValidator that is used by the client to perform some rudimentary validation of the JWT access token that is received as part of the response from posting the client credentials to the OAuth/OIDC provider's token endpoint.
DefaultJwtRetriever	DefaultJwtRetriever instantiates and delegates JwtRetriever API calls to an embedded implementation based on configuration: If the value of sasl.oauthbearer.token.endpoint.url is set to a value that starts with the file protocol (e.g.
DefaultJwtValidator	This JwtValidator uses the delegation approach, instantiating and delegating calls to a more concrete implementation.
FileJwtRetriever	FileJwtRetriever is an JwtRetriever that will load the contents of a file, interpreting them as a JWT access key in the serialized form.
JwtBearerJwtRetriever	JwtBearerJwtRetriever is a JwtRetriever that performs the steps to request a JWT from an OAuth/OIDC identity provider using the urn:ietf:params:oauth:grant-type:jwt-bearer grant type.
JwtRetriever	A JwtRetriever is the internal API by which the login module will retrieve an access token for use in authorization by the broker.
JwtRetrieverException	A JwtRetrieverException is thrown in cases where the JWT cannot be retrieved.
JwtValidator	An instance of JwtValidator acts as a function object that, given an access token in base-64 encoded JWT format, can parse the data, perform validation, and construct an OAuthBearerToken for use by the caller.
JwtValidatorException	A JwtValidatorException is thrown in cases where the validity of a JWT cannot be determined.
OAuthBearerExtensionsValidatorCallback	A Callback for use by the SaslServer implementation when it needs to validate the SASL extensions for the OAUTHBEARER mechanism Callback handlers should use the OAuthBearerExtensionsValidatorCallback.valid(String) method to communicate valid extensions back to the SASL server.
OAuthBearerLoginCallbackHandler	OAuthBearerLoginCallbackHandler is an AuthenticateCallbackHandler that accepts OAuthBearerTokenCallback and SaslExtensionsCallback callbacks to perform the steps to request a JWT from an OAuth/OIDC provider using the client_credentials.
OAuthBearerLoginModule	The LoginModule for the SASL/OAUTHBEARER mechanism.
OAuthBearerToken	The b64token value as defined in RFC 6750 Section 2.1 along with the token's specific scope and lifetime and principal name.
OAuthBearerTokenCallback	A Callback for use by the SaslClient and Login implementations when they require an OAuth 2 bearer token.
OAuthBearerValidatorCallback	A Callback for use by the SaslServer implementation when it needs to provide an OAuth 2 bearer token compact serialization for validation.
OAuthBearerValidatorCallbackHandler	OAuthBearerValidatorCallbackHandler is an AuthenticateCallbackHandler that accepts OAuthBearerValidatorCallback and OAuthBearerExtensionsValidatorCallback callbacks to implement OAuth/OIDC validation.