What is CreateDelegationToken?
Issues short-lived tokens that replace static SASL credentials, suited for job schedulers and ephemeral services. Tokens can be distributed to workers via a secure channel, eliminating the need to share the actual Kerberos keytab or SCRAM password.
| Version | Kafka | Changes |
|---|---|---|
| CreateDelegationTokenRequest | ||
| v1 | 2.2 | is the same as version 0. |
| v2 | 2.4 | ~ Flexible encoding enabled FLEXIBLE is the first flexible version. |
| v3 | 3.3 | + OwnerPrincipalType string+ OwnerPrincipalName stringadds owner principal |
| CreateDelegationTokenResponse | ||
| v1 | 2.2 | on quota violation, brokers send out responses before throttling. |
| v2 | 2.4 | ~ Flexible encoding enabled FLEXIBLE is the first flexible version. |
| v3 | 3.3 | + TokenRequesterPrincipalType string+ TokenRequesterPrincipalName stringadds token requester details |