Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • SCRAM is a suitable mechanism for authentication using delegation tokens. KIP-84 proposes to support  SASL SCRAM mechanisms. Kafka clients authenticate using SCRAM-SHA-256, providing the delegation token
    HMAC as password.

  • Server will look up the token from its token cache, if it finds a match and token is not expired it will authenticate the client and the identity will be established as the owner of the delegation token.

  • If the token is not matched or token is expired, broker throws appropriate exception back and does not allow the client to continue.

...