Package io.confluent.kafka.schemaregistry.client.security.bearerauth.oauth

Class HttpJwtRetriever

java.lang.Object

io.confluent.kafka.schemaregistry.client.security.bearerauth.oauth.HttpJwtRetriever

All Implemented Interfaces:

Closeable, AutoCloseable, org.apache.kafka.common.security.oauthbearer.internals.secured.OAuthBearerConfigurable, org.apache.kafka.common.security.oauthbearer.JwtRetriever

public class HttpJwtRetriever
extends Object
implements org.apache.kafka.common.security.oauthbearer.JwtRetriever

HttpJwtRetriever is a JwtRetriever that will communicate with an OAuth/OIDC provider directly via HTTP to post client credentials (OAuthBearerLoginCallbackHandler.CLIENT_ID_CONFIG/ OAuthBearerLoginCallbackHandler.CLIENT_SECRET_CONFIG) to a publicized token endpoint URL (SaslConfigs.SASL_OAUTHBEARER_TOKEN_ENDPOINT_URL).

Field Summary

Fields

Modifier and Type	Field	Description
static final String	AUTHORIZATION_HEADER

Constructor Summary

Constructors

Constructor	Description
HttpJwtRetriever(String clientId, String clientSecret, String scope, SSLSocketFactory sslSocketFactory, String tokenEndpointUrl, long loginRetryBackoffMs, long loginRetryBackoffMaxMs, Integer loginConnectTimeoutMs, Integer loginReadTimeoutMs, boolean urlencodeHeader)

Method Summary

Modifier and Type	Method	Description
static String	post(HttpURLConnection con, Map<String,String> headers, String requestBody, Integer connectTimeoutMs, Integer readTimeoutMs)
String	retrieve()	Retrieves a JWT access token in its serialized three-part form.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.kafka.common.security.oauthbearer.internals.secured.OAuthBearerConfigurable

close, configure

Field Details

AUTHORIZATION_HEADER

public static final String AUTHORIZATION_HEADER

See Also:

• Constant Field Values

Constructor Details

HttpJwtRetriever

public HttpJwtRetriever(String clientId,
 String clientSecret,
 String scope,
 SSLSocketFactory sslSocketFactory,
 String tokenEndpointUrl,
 long loginRetryBackoffMs,
 long loginRetryBackoffMaxMs,
 Integer loginConnectTimeoutMs,
 Integer loginReadTimeoutMs,
 boolean urlencodeHeader)

Method Details

retrieve

public String retrieve()
                throws org.apache.kafka.common.security.oauthbearer.JwtRetrieverException

Retrieves a JWT access token in its serialized three-part form. The implementation is free to determine how it should be retrieved but should not perform validation on the result. Note: This is a blocking function and callers should be aware that the implementation communicates over a network. The facility in the LoginModule from which this is ultimately called does not provide an asynchronous approach.

Specified by:

retrieve in interface org.apache.kafka.common.security.oauthbearer.JwtRetriever

Returns:

Non-null JWT access token string

Throws:

org.apache.kafka.common.security.oauthbearer.JwtRetrieverException - Thrown on errors related to IO during retrieval

post

public static String post(HttpURLConnection con,
 Map<String,String> headers,
 String requestBody,
 Integer connectTimeoutMs,
 Integer readTimeoutMs)
                   throws IOException,
org.apache.kafka.common.security.oauthbearer.internals.secured.UnretryableException

Throws:

IOException

org.apache.kafka.common.security.oauthbearer.internals.secured.UnretryableException