What is SaslAuthenticate?
Carries the raw SASL exchange bytes after SaslHandshake, with content specific to the mechanism (GSSAPI token, OAUTHBEARER JWT, SCRAM challenge-response, etc.). The response includes session lifetime for token-based mechanisms like OAUTHBEARER, so the client knows when to re-authenticate.
Wire Diagram
Response Header
message_size
int32 · 4B
correlation_id
int32 · 4B
SaslAuthenticateResponse v1
ErrorCode
int16 · 2B
ErrorMessage?
string
AuthBytes
bytes
SessionLifetimeMs
int64 · 8B
Schema & Example
Schema { "ErrorCode": int16, "ErrorMessage": string?, "AuthBytes": bytes, "SessionLifetimeMs": int64 }
Example { "ErrorCode": 0, "ErrorMessage": null, "AuthBytes": "<binary>", "SessionLifetimeMs": 0 }