You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/02/04 06:55:59 UTC

[GitHub] [pulsar] lhotari commented on a change in pull request #13951: [OAuth2] Enable configurable early token refresh in Java Client

lhotari commented on a change in pull request #13951:
URL: https://github.com/apache/pulsar/pull/13951#discussion_r799207153



##########
File path: pulsar-client/src/main/java/org/apache/pulsar/client/impl/auth/oauth2/AuthenticationOAuth2.java
##########
@@ -31,31 +34,77 @@
 import org.apache.pulsar.client.api.EncodedAuthenticationParameterSupport;
 import org.apache.pulsar.client.api.PulsarClientException;
 import org.apache.pulsar.client.impl.AuthenticationUtil;
+import org.apache.pulsar.client.impl.Backoff;
+import org.apache.pulsar.client.impl.BackoffBuilder;
 import org.apache.pulsar.client.impl.auth.oauth2.protocol.TokenResult;
 
 /**
  * Pulsar client authentication provider based on OAuth 2.0.
+ *
+ * The first call to {@link #getAuthData()} will result in a blocking network call to retrieve the OAuth2.0 token from
+ * the Identity Provider. After that, there are two behaviors, depending on {@link #earlyTokenRefreshPercent}:
+ *
+ * 1. If {@link #earlyTokenRefreshPercent} is less than 1, this authentication class will schedule a runnable to refresh
+ * the token in n seconds where n is the result of multiplying {@link #earlyTokenRefreshPercent} and the `expires_in`
+ * value returned by the Identity Provider. If the call to the Identity Provider fails, this class will retry attempting
+ * to refresh the token using an exponential backoff. If the token is not refreshed before it expires, the Pulsar client
+ * will make one final blocking call to the Identity Provider. If that call fails, this class will pass the failure to
+ * the Pulsar client. This proactive approach to token management is good for use cases that want to avoid latency
+ * spikes from calls to the Identity Provider and that want to be able to withstand short Identity Provider outages. The
+ * tradeoff is that this class consumes slightly more resources.
+ *
+ * 2. If {@link #earlyTokenRefreshPercent} is greater than or equal to 1, this class will not retrieve a new token until
+ * the {@link #getAuthData()} method is called while the cached token is expired. If the call to the Identity Provider
+ * fails, this class will pass the failure to the Pulsar client. This lazy approach is good for use cases that are not
+ * latency sensitive and that will not use the token frequently.
+ *
+ * {@link #earlyTokenRefreshPercent} must be greater than 0. It defaults to 1, which means that early token refresh is
+ * disabled by default.
+ *
+ * The current implementation of this class can block the calling thread.
+ *
+ * This class is intended to be called from multiple threads, and is therefore designed to be thread-safe.
  */
 @Slf4j
 public class AuthenticationOAuth2 implements Authentication, EncodedAuthenticationParameterSupport {
 
     public static final String CONFIG_PARAM_TYPE = "type";
     public static final String TYPE_CLIENT_CREDENTIALS = "client_credentials";
+    public static final String EARLY_TOKEN_REFRESH_PERCENT = "early_token_refresh_percent";
+    public static final int EARLY_TOKEN_REFRESH_PERCENT_DEFAULT = 1; // feature disabled by default
     public static final String AUTH_METHOD_NAME = "token";
-    public static final double EXPIRY_ADJUSTMENT = 0.9;
     private static final long serialVersionUID = 1L;
+    private static final transient ScheduledThreadPoolExecutor scheduler = new ScheduledThreadPoolExecutor(1);

Review comment:
       This isn't a great solution. The lifecycle of the scheduler/executor will need to be managed. This solution would lead to resource leaks. I looked into ways how to possible solve this problem, but it's not easy. The main reason seems to be that the current API for OAuth2 in the Pulsar client is not great. I didn't find a way to extend it without breaking backwards compatibility. I think it's necessary to redesign the Pulsar client's API for configuring OAuth2 and take these requirements into account. It's more or less a blocker for making progress.
   
   




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org