THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
ExpireTokenRequest
Code Block |
---|
ExpireTokenRequest => HMAC HMAC => bytes |
ExpireTokenResponse
Code Block |
---|
ExpireTokenResponse => ErrorCode ErroCode => INT32 |
Possible Error Codes
* AuthorizationException ()
Configuration options
The following options will be added to KafkaConfig.java
and can be configured as properties for Kafka server:
delegation.token.max.lifetime.sec : The token has a maximum lifetime beyond which it cannot be renewed any more. Default value 7 days.
delegation.token.expiry.time.sec : The token validity time in seconds before the token needs to be renewed. Default value 1 day.
delegation.token.master.key : secret/masterKey to generate and verify delegation tokens. This masterkey needs to be configured with all the brokers.
Proposed Changes
Token acquisition
...
KIP-85 allows dynamic JAAS configuration for Kafka clients. After this we can easily configure the
delegation token for SCRAM-SHA-256 authentication.
Example Usage
Below diagram shows the steps required to use the delegation tokens.
Alternatives
Originally we considered to not have any shared Secret at config level. This required us to chose one of the 3 options:
...