You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@camel.apache.org by GitBox <gi...@apache.org> on 2021/07/09 09:43:08 UTC

[GitHub] [camel-quarkus] zbendhiba commented on a change in pull request #2879: kafka : impossible to authenticate with oauth2

zbendhiba commented on a change in pull request #2879:
URL: https://github.com/apache/camel-quarkus/pull/2879#discussion_r666820242



##########
File path: pom.xml
##########
@@ -101,7 +101,7 @@
         <netty3.version>${netty3-version}</netty3.version><!-- Spark -->
         <minio.version>${minio-version}</minio.version><!-- Keep in sync with quarkiverse-minio and Camel, preferring Camel assuming that it is more likely to be up to date -->
         <mvel2.version>${mvel-version}</mvel2.version>
-        <nimbus-jose-jwt.version>4.41.1</nimbus-jose-jwt.version><!-- Mess in hdfs transitive deps -->
+        <nimbus-jose-jwt.version>9.10</nimbus-jose-jwt.version><!-- It's placed here because of mess in hdfs transitive deps, please upgrade when it's possible -->

Review comment:
       Okay. It's not a kafka client pom, but usage of Strimzi, with oAuth2. The dependency is added for this purpose only : https://quarkus.io/guides/kafka#authenticating-with-oauth
    
   That bug will maybe appear too on the Camel-K side, since they're using the Strimzi-oauth-client too.
   When upgrading the client from 0.7.x to 0.8.x, the Strimzi oAuth client moves from Keyclock to Nimbus jose. so this configuration fails to start.
   
   ```
   camel.component.kafka.security-protocol = SASL_SSL
   camel.component.kafka.sasl-mechanism = OAUTHBEARER
   camel.component.kafka.sasl-jaas-config = org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required \
           oauth.client.id="<YOUR-SERVICE-ACCOUNT-ID-HERE>" \
          oauth.client.secret="<YOUR-SERVICE-ACCOUNT-SECRET-HERE>" \
          oauth.token.endpoint.uri="<TOKEN_ENDPOINT_URI>" ;
   camel.component.kafka.additional-properties[sasl.login.callback.handler.class] = io.strimzi.kafka.oauth.client.JaasClientOauthLoginCallbackHandler
   ```
   And when I checked that version we have is way too old. I was wondering if we can't just push this one just for hdfs purpose ? 




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org