...
Current state: ["DISCUSSION"].
Discussion thread: here
JIRA: KAFKA-1696
Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).
...
SCRAM messages have an optional extensions field which is a comma-separated list of key=value pairs.
After KIP-84 implementation , an extension will be added to the first client SCRAM message to indicate
that authentication is being requested for a delegation token. This will enable Kafka broker to obtain
credentials and principal using a different code path for delegation tokens.
DelegationToken Client
We will be providing a DelegationToken Client using which users can generate, renew and expire the tokens. This may part of AdminClient implementation (KIP-4).
Code Block | ||||
---|---|---|---|---|
| ||||
public class DelegationClientDelegationTokenClient { public TokenDetails generateToken(List<String> renewers, long maxLifeTime); public boolean renewToken(bytes[] hmac, long expiryTime); public boolean expireToken(bytes[] hmac, long expireTimeStamp); public boolean invalidateToken(bytes[] hmac); public void close(); } |
...