use of org.apache.kafka.common.security.oauthbearer.OAuthBearerToken in project kafka by apache.
the class OAuthBearerLoginCallbackHandler method handleTokenCallback.
/**
 * Retrieves an access token, validates it, and reports the outcome on {@code callback}.
 *
 * <p>On success the validated {@link OAuthBearerToken} is set on the callback. If validation
 * throws {@link ValidateException}, the failure is logged at WARN and reported on the callback
 * as an {@code invalid_token} error instead of being rethrown.
 *
 * @param callback callback that receives either the validated token or the error
 * @throws IOException declared by this method; presumably raised by token retrieval (confirm)
 */
private void handleTokenCallback(OAuthBearerTokenCallback callback) throws IOException {
    checkInitialized();

    // The raw token is a bearer credential: this method never logs it, and the callback only
    // receives it after the validator has accepted it.
    final String rawToken = accessTokenRetriever.retrieve();

    try {
        callback.token(accessTokenValidator.validate(rawToken));
    } catch (ValidateException validationFailure) {
        final String reason = validationFailure.getMessage();
        // NOTE(review): the validator's message is written to the log and also becomes the
        // callback's error description; this assumes the message never embeds the token
        // value itself (confirm against the validator implementations).
        log.warn(reason, validationFailure);
        callback.error("invalid_token", reason, null);
    }
}
use of org.apache.kafka.common.security.oauthbearer.OAuthBearerToken in project kafka by apache.
the class OAuthBearerSaslServerTest method clientInitialResponse.
/**
 * Builds the bytes of an OAUTHBEARER client initial response around a token obtained from
 * {@code LOGIN_CALLBACK_HANDLER}.
 *
 * @param authorizationId authorization id placed in the response
 * @param illegalToken when {@code true}, {@code "AB"} is appended to the token value, so the
 *     value sent differs from the one the login handler supplied (negative-path input)
 * @param customExtensions entries wrapped in {@link SaslExtensions}
 * @return the serialized response
 */
private byte[] clientInitialResponse(String authorizationId, boolean illegalToken, Map<String, String> customExtensions) throws OAuthBearerConfigException, IOException, UnsupportedCallbackException {
    OAuthBearerTokenCallback tokenCallback = new OAuthBearerTokenCallback();
    LOGIN_CALLBACK_HANDLER.handle(new Callback[] { tokenCallback });

    // NOTE(review): token() is dereferenced without a null check; presumably the login handler
    // always supplies a token in this fixture (confirm).
    OAuthBearerToken issued = tokenCallback.token();

    // Tampering suffix: empty for the normal case, two extra characters for the illegal case.
    String suffix;
    if (illegalToken) {
        suffix = "AB";
    } else {
        suffix = "";
    }
    String tokenValue = issued.value() + suffix;

    SaslExtensions extensions = new SaslExtensions(customExtensions);
    return new OAuthBearerClientInitialResponse(tokenValue, authorizationId, extensions).toBytes();
}
use of org.apache.kafka.common.security.oauthbearer.OAuthBearerToken in project kafka by apache.
the class OAuthBearerValidatorCallbackHandlerTest method testBasic.
/**
 * Accepting path: a token whose audience is one of the configured expected audiences is
 * validated, and the resulting {@link OAuthBearerToken} reports the values the builder used.
 */
@Test
public void testBasic() throws Exception {
    String tokenAudience = "a";
    List<String> acceptedAudiences = Arrays.asList(tokenAudience, "b", "c");

    AccessTokenBuilder tokenBuilder = new AccessTokenBuilder()
        .audience(tokenAudience)
        .jwk(createRsaJwk())
        .alg(AlgorithmIdentifiers.RSA_USING_SHA256);
    String serialized = tokenBuilder.build();

    // The handler is configured with the full list of expected audiences; the token carries
    // only the first of them.
    // NOTE(review): only the accepting case is exercised here. A token whose audience is
    // outside the configured list is not covered by this method.
    Map<String, ?> saslConfigs = getSaslConfigs(SASL_OAUTHBEARER_EXPECTED_AUDIENCE, acceptedAudiences);
    OAuthBearerValidatorCallbackHandler handler = createHandler(saslConfigs, tokenBuilder);

    try {
        OAuthBearerValidatorCallback validatorCallback = new OAuthBearerValidatorCallback(serialized);
        handler.handle(new Callback[] { validatorCallback });

        // A null token here would mean the handler did not accept the token.
        assertNotNull(validatorCallback.token());
        OAuthBearerToken validated = validatorCallback.token();

        // The validated token must carry the exact serialized value that was submitted.
        assertEquals(serialized, validated.value());
        assertEquals(tokenBuilder.subject(), validated.principalName());
        // The builder reports seconds; the token reports milliseconds.
        assertEquals(tokenBuilder.expirationSeconds() * 1000, validated.lifetimeMs());
        assertEquals(tokenBuilder.issuedAtSeconds() * 1000, validated.startTimeMs());
    } finally {
        // Always release the handler, even when an assertion fails.
        handler.close();
    }
}
use of org.apache.kafka.common.security.oauthbearer.OAuthBearerToken in project kafka by apache.
the class ValidatorAccessTokenValidatorTest method testEncryptionAlgorithm.
/**
 * Builds a token with the given key and algorithm, validates it, and checks the fields of the
 * resulting {@link OAuthBearerToken} against the builder's values.
 *
 * @param jwk key handed to the token builder
 * @param alg algorithm identifier handed to the token builder. NOTE(review): the method name
 *     says "encryption", but {@code alg} presumably selects the JWS signature algorithm
 *     (confirm).
 * @throws Exception if building or validating the token fails
 */
private void testEncryptionAlgorithm(PublicJsonWebKey jwk, String alg) throws Exception {
    AccessTokenBuilder tokenBuilder = new AccessTokenBuilder().jwk(jwk).alg(alg);
    AccessTokenValidator tokenValidator = createAccessTokenValidator(tokenBuilder);

    String serialized = tokenBuilder.build();
    OAuthBearerToken validated = tokenValidator.validate(serialized);

    assertEquals(tokenBuilder.subject(), validated.principalName());
    // The builder reports seconds; the token reports milliseconds.
    assertEquals(tokenBuilder.issuedAtSeconds() * 1000, validated.startTimeMs());
    assertEquals(tokenBuilder.expirationSeconds() * 1000, validated.lifetimeMs());
    // The token built here is expected to carry exactly one scope entry.
    assertEquals(1, validated.scope().size());
}
use of org.apache.kafka.common.security.oauthbearer.OAuthBearerToken in project kafka by apache.
the class BasicOAuthBearerTokenTest method noErrorIfModifyScope.
/**
 * Documents that {@link BasicOAuthBearerToken} does not protect its scope set: changes made to
 * the set passed to the constructor are visible through {@code token.scope()}, and mutating
 * {@code token.scope()} directly does not throw.
 *
 * <p>Scope is authorization-relevant data, so code that constructs a token and needs the scope
 * to stay fixed must pass in a read-only set.
 */
@Test
public void noErrorIfModifyScope() {
    // A mutable set owned by the caller.
    SortedSet<String> mutableScope = new TreeSet<>(Arrays.asList("a", "b", "c"));
    OAuthBearerToken token = new BasicOAuthBearerToken("not.valid.token", mutableScope, 0L, "jdoe", 0L);

    // Sanity check: the token exposes the three initial scope values.
    assertNotNull(token.scope());
    assertEquals(3, token.scope().size());

    // Adding to the caller's set after construction shows up in the token's scope.
    // Callers must make the set read-only before passing it in to prevent this.
    mutableScope.add("d");
    assertTrue(token.scope().contains("d"));

    // Removing from the caller's set likewise changes the token's scope.
    // Callers must make the set read-only before passing it in to prevent this.
    mutableScope.remove("c");
    assertFalse(token.scope().contains("c"));

    // Mutating the set returned by scope() directly is expected not to throw. The effect on the
    // caller's set is not asserted here.
    token.scope().clear();
}