KIP-342 — Add support for custom SASL extensions in OAuthBearer authentication
Accepted Kafka 2.1 Security
Adds a pluggable SASL extensions mechanism for the OAuthBearer authentication protocol, allowing clients to attach arbitrary key-value pairs to the `SASL/OAUTHBEARER` `ClientInitialResponse` message. Existing SASL extensions in SCRAM are hard-coded for delegation tokens; OAuthBearer clients receiving third-party JWT tokens cannot add custom claims to the token and have no other channel to pass auxiliary data to a custom server-side callback.
Details
| Author | Stanislav Kozlovski |
| Status | Accepted |
| Kafka Version | 2.1 |
| JIRA | KAFKA-7169 |
| Wiki | View on Apache Wiki |
| Created | 2018-07-16 |
| Last Modified | 2018-08-14 |
Explore how this KIP affects the Kafka protocol in the Protocol Explorer, or see the full KIP database.