-
Notifications
You must be signed in to change notification settings - Fork 122
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: add custom oauth bearer authentication support (#548)
Co-authored-by: kikofps <22330887+kikofps@users.noreply.github.com>
- Loading branch information
1 parent
ddcefb9
commit 188b21d
Showing
8 changed files
with
144 additions
and
35 deletions.
There are no files selected for viewing
26 changes: 26 additions & 0 deletions
26
src/KafkaFlow.Abstractions/Authentication/IOAuthBearerAuthenticator.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
using System.Collections.Generic; | ||
|
||
namespace KafkaFlow.Authentication; | ||
|
||
/// <summary> | ||
/// Authentication handler for OAuth Bearer. | ||
/// </summary> | ||
public interface IOAuthBearerAuthenticator | ||
{ | ||
/// <summary> | ||
/// Set SASL/OAUTHBEARER token and metadata. The SASL/OAUTHBEARER token refresh callback or event handler should invoke this method upon | ||
/// success. The extension keys must not include the reserved key "`auth`", and all extension keys and values must conform to the required | ||
/// format as per https://tools.ietf.org/html/rfc7628#section-3.1. | ||
/// </summary> | ||
/// <param name="tokenValue">The mandatory token value to set, often (but not necessarily) a JWS compact serialization as per https://tools.ietf.org/html/rfc7515#section-3.1</param> | ||
/// <param name="lifetimeMs">When the token expires, in terms of the number of milliseconds since the epoch</param> | ||
/// <param name="principalName">The mandatory Kafka principal name associated with the token</param> | ||
/// <param name="extensions">Optional SASL extensions dictionary, to be communicated to the broker as additional key-value pairs during the initial client response as per https://tools.ietf.org/html/rfc7628#section-3.1</param> | ||
void SetToken(string tokenValue, long lifetimeMs, string principalName, IDictionary<string, string> extensions = null); | ||
|
||
/// <summary> | ||
/// SASL/OAUTHBEARER token refresh failure indicator. The SASL/OAUTHBEARER token refresh callback or event handler should invoke this method upon failure. | ||
/// </summary> | ||
/// <param name="error">Mandatory human readable error reason for failing to acquire a token</param> | ||
void SetTokenFailure(string error); | ||
} |
24 changes: 12 additions & 12 deletions
24
src/KafkaFlow.Abstractions/Configuration/SaslOauthbearerMethod.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,12 +1,12 @@ | ||
namespace KafkaFlow.Configuration | ||
{ | ||
/// <summary>SaslOauthbearerMethod enum values</summary> | ||
public enum SaslOauthbearerMethod | ||
{ | ||
/// <summary>Default</summary> | ||
Default, | ||
|
||
/// <summary>Oidc</summary> | ||
Oidc, | ||
} | ||
} | ||
namespace KafkaFlow.Configuration | ||
{ | ||
/// <summary>SaslOauthbearerMethod enum values</summary> | ||
public enum SaslOauthbearerMethod | ||
{ | ||
/// <summary>Default</summary> | ||
Default, | ||
|
||
/// <summary>Oidc</summary> | ||
Oidc, | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,6 @@ | ||
using KafkaFlow.Authentication; | ||
Check warning on line 1 in src/KafkaFlow.Abstractions/Configuration/SecurityInformation.cs GitHub Actions / build
Check warning on line 1 in src/KafkaFlow.Abstractions/Configuration/SecurityInformation.cs GitHub Actions / release
|
||
using System; | ||
Check warning on line 2 in src/KafkaFlow.Abstractions/Configuration/SecurityInformation.cs GitHub Actions / Deploy to GitHub Pages
|
||
|
||
namespace KafkaFlow.Configuration; | ||
|
||
/// <summary> | ||
|
@@ -249,4 +252,9 @@ public class SecurityInformation | |
/// importance: low | ||
/// </summary> | ||
public string SaslOauthbearerScope { get; set; } | ||
} | ||
|
||
/// <summary> | ||
/// Gets or sets the OAuthBearerTokenRefreshHandler for custom OAuth authentication. | ||
/// </summary> | ||
public Action<IOAuthBearerAuthenticator> OAuthBearerTokenRefreshHandler { get; set; } | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
using System.Collections.Generic; | ||
using Confluent.Kafka; | ||
|
||
namespace KafkaFlow.Authentication; | ||
|
||
internal readonly struct OAuthBearerAuthenticator : IOAuthBearerAuthenticator | ||
{ | ||
private readonly IClient _client; | ||
|
||
public OAuthBearerAuthenticator(IClient client) | ||
{ | ||
_client = client; | ||
} | ||
|
||
public void SetToken(string tokenValue, long lifetimeMs, string principalName, IDictionary<string, string> extensions = null) | ||
{ | ||
_client.OAuthBearerSetToken(tokenValue, lifetimeMs, principalName, extensions); | ||
} | ||
|
||
public void SetTokenFailure(string error) | ||
{ | ||
_client.OAuthBearerSetTokenFailure(error); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters