What is CreateDelegationToken?
Issues short-lived tokens that replace static SASL credentials, suited for job schedulers and ephemeral services. Tokens can be distributed to workers via a secure channel, eliminating the need to share the actual Kerberos keytab or SCRAM password.
Wire Diagram
Response Header · flexible
  message_size       int32 · 4B
  correlation_id     int32 · 4B
  tagged             var

CreateDelegationTokenResponse v2
  ErrorCode          int16 · 2B
  PrincipalType      string (compact)
  PrincipalName      string (compact)
  IssueTimestampMs   int64 · 8B
  ExpiryTimestampMs  int64 · 8B
  MaxTimestampMs     int64 · 8B
  TokenId            string (compact)
  Hmac               bytes (compact)
  ThrottleTimeMs     int32 · 4B
  tagged             var
Schema & Example
Schema
{
  "ErrorCode": int16,
  "PrincipalType": string,
  "PrincipalName": string,
  "IssueTimestampMs": int64,
  "ExpiryTimestampMs": int64,
  "MaxTimestampMs": int64,
  "TokenId": string,
  "Hmac": bytes,
  "ThrottleTimeMs": int32
}

Example
{
  "ErrorCode": 0,
  "PrincipalType": "User:alice",
  "PrincipalName": "User:alice",
  "IssueTimestampMs": 0,
  "ExpiryTimestampMs": 0,
  "MaxTimestampMs": 0,
  "TokenId": "abc-123",
  "Hmac": "<binary>",
  "ThrottleTimeMs": 0
}
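The wire layout above, decoded field by field. This is an added example, not code from the original page or from the Kafka project. The function names and the sample frame are constructed for illustration, and the compact, varint and tagged-field rules are those of Kafka's flexible-version encoding. The Hmac is the secret half of the token, so the logging helper redacts it.

```python
import struct

def uvarint(buf, pos):  # 7 bits per byte, low-order group first, high bit = more
    value = shift = 0
    while True:
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def compact(buf, pos):  # uvarint(length + 1), then the payload; 0 encodes null
    n, pos = uvarint(buf, pos)
    if n == 0 or pos + n - 1 > len(buf):
        raise ValueError("null or truncated compact field")
    return bytes(buf[pos:pos + n - 1]), pos + n - 1

def skip_tagged(buf, pos):  # uvarint count, then (tag, size, data) per field
    count, pos = uvarint(buf, pos)
    for _ in range(count):
        _tag, pos = uvarint(buf, pos)
        size, pos = uvarint(buf, pos)
        pos += size
    return pos

def parse_response(frame):
    size, correlation_id = struct.unpack_from(">ii", frame, 0)
    pos = skip_tagged(frame, 8)  # response header tagged fields
    (error_code,) = struct.unpack_from(">h", frame, pos)
    ptype, pos = compact(frame, pos + 2)
    pname, pos = compact(frame, pos)
    issue, expiry, max_ts = struct.unpack_from(">qqq", frame, pos)
    token_id, pos = compact(frame, pos + 24)
    hmac, pos = compact(frame, pos)
    (throttle,) = struct.unpack_from(">i", frame, pos)
    if size != len(frame) - 4 or skip_tagged(frame, pos + 4) != len(frame):
        raise ValueError("message_size or trailing bytes do not match the frame")
    return {"correlation_id": correlation_id, "ErrorCode": error_code,
            "PrincipalType": ptype.decode(), "PrincipalName": pname.decode(),
            "IssueTimestampMs": issue, "ExpiryTimestampMs": expiry, "MaxTimestampMs": max_ts,
            "TokenId": token_id.decode(), "Hmac": hmac, "ThrottleTimeMs": throttle}

def for_log(resp):  # the HMAC is the token's secret; keep it out of logs
    return {**resp, "Hmac": f"<{len(resp['Hmac'])} bytes redacted>"}

# Constructed sample frame (not captured traffic); each compact length byte is len + 1.
body = (struct.pack(">iBh", 7, 0, 0) + b"\x05User\x06alice"
        + struct.pack(">qqq", 1700000000000, 1700086400000, 1700604800000)
        + b"\x08abc-123\x21" + bytes(32) + struct.pack(">iB", 0, 0))
SAMPLE = struct.pack(">i", len(body)) + body
```

Pass the result through for_log() before writing it anywhere persistent; only the worker that authenticates with the token needs the raw Hmac bytes.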