Package io.confluent.kafka.schemaregistry.client.security.bearerauth.oauth

Class OauthTokenCache

java.lang.Object
io.confluent.kafka.schemaregistry.client.security.bearerauth.oauth.OauthTokenCache
public class OauthTokenCache extends Object

OauthTokenCache is a simple OAuthBearerToken Cache. Users can call isTokenExpired() method to check if cache is expired. If the cache is expired then users can call setCurrentToken(OAuthBearerToken) to set a newly retrieved token.

calculateTokenRenRefreshTime() is the refresh algorithm to calculate token expiry time at time of setting the token, using setCurrentToken(OAuthBearerToken). In order to encourage fetching a new token in advance before the actual token expiration, calculateTokenRenRefreshTime() will try to return a cache expiration time before the token expiration time.

Author:
Varun PV

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final float
    CACHE_EXPIRY_THRESHOLD
     

  • Constructor Summary

    Constructors
    Constructor
    Description
    OauthTokenCache(short cacheExpiryBufferSeconds)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    protected long
    calculateTokenExpiryTime(org.apache.kafka.common.security.oauthbearer.OAuthBearerToken currentToken)
     
    org.apache.kafka.common.security.oauthbearer.OAuthBearerToken
    getCurrentToken()
     
    boolean
    isTokenExpired()
    This method can be used to decide whether we should a network call to OAuth/OIDC provider and get a new token or use existing token in the cache.
    void
    setCurrentToken(org.apache.kafka.common.security.oauthbearer.OAuthBearerToken currentToken)
    This method can be used be to set token right after you fetch the token from the OAuth/OIDC provider.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • CACHE_EXPIRY_THRESHOLD

      public static final float CACHE_EXPIRY_THRESHOLD
      See Also:

  • Constructor Details

    • OauthTokenCache

      public OauthTokenCache(short cacheExpiryBufferSeconds)

  • Method Details

    • getCurrentToken

      public org.apache.kafka.common.security.oauthbearer.OAuthBearerToken getCurrentToken()

    • setCurrentToken

      public void setCurrentToken(org.apache.kafka.common.security.oauthbearer.OAuthBearerToken currentToken)
      This method can be used be to set token right after you fetch the token from the OAuth/OIDC provider. Time of cache expiration is also calculated the moment we set a new token.
      Parameters:
      currentToken - is a newly fetched token from a OAuth/OIDC provider.

    • calculateTokenExpiryTime

      protected long calculateTokenExpiryTime(org.apache.kafka.common.security.oauthbearer.OAuthBearerToken currentToken)

    • isTokenExpired

      public boolean isTokenExpired()
      This method can be used to decide whether we should a network call to OAuth/OIDC provider and get a new token or use existing token in the cache. If this method returns true, then we can fetch a new token and use setCurrentToken(OAuthBearerToken) to update this cache with new token. if this method returns false, then we can use token present in this cache itself.
      Returns:
      boolean value whether this cache is expired or not.