Authentication with SASL using JAAS VS librdkafka oAuthBearer

Question

We have a kafkaProducer cpp application, which will send data to kafkaBrokers which are configured to authenticate using JAAS-OAUTHBEARER.

Can I use JAAS with cpp kafkaProducer which uses librdkafka ?
Without JAAS (with oauth mechanism of librdkafka) Can I produce data to brokers which is JAAS configured ?

Kafka producer configs:

SaslConfigs.SASL_JAAS_CONFIG = "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required"

SECURITY_PROTOCOL_CONFIG =  "SASL_PLAINTEXT"

sasl.mechanism = "OAUTHBEARER"
sasl.login.callback.handler.class = OAuthClientCallbackHandler.class.getName()

Kafka client

rd_kafka_conf_set (conf, "bootstrap.servers", brokers)
rd_kafka_conf_set (conf, "security.protocol", "SASL_PLAINTEXT")
rd_kafka_conf_set (conf, "sasl.mechanism", "OAUTHBEARER")
rd_kafka_conf_set_oauthbearer_token_refresh_cb(conf, token_refresh_cb_fun)

Can these two connect and send data using oauth mechanism ?

score 1 · Answer 1 · answered Aug 02 '23 at 18:07

1

JKS / JAAS is Java specific. The broker runs Java, so yes, it's required there.

For non-Java clients, no, you cannot use it, and you need X.509 certificates along with other SASL configs such as

sasl.oauthbearer.config
sasl.oauthbearer.client.id
sasl.oauthbearer.client.secret
sasl.oauthbearer.token.endpoint.url
sasl.oauthbearer.method
sasl.oauthbearer.scope

answered Aug 02 '23 at 18:07

OneCricketeer

179,855
19
132
245

Okay, I can't use JAAS in librdkafka. Is second question is possible ? – indev Aug 03 '23 at 05:16
1

What second question? Yes, librdkafka with Oauth settings can send to a Kafka broker that has JAAS settings – OneCricketeer Aug 03 '23 at 18:03

Authentication with SASL using JAAS VS librdkafka oAuthBearer

1 Answers1