Minor Description
The FileTokenRetriever class is used to read the access_token from a file on the clients system and then the info is passed along with jaas config to the OAuthBearerSaslServer.
The server uses the class OAuthBearerClientInitialResponse to validate the token format.
In case the token was sent using FileTokenRetriever on the client side, some EOL character is getting appended to the token, causing authentication to fail with the message (in case to topic create):
ERROR org.apache.kafka.common.errors.SaslAuthenticationException: Authentication failed during authentication due to invalid credentials with SASL mechanism OAUTHBEARER
On the server side the following line https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/common/security/oauthbearer/internals/OAuthBearerClientInitialResponse.java#L68 with throw an exception failing the request.
Attachments
Issue Links
- links to
