What is SaslAuthenticate?
Carries the raw SASL exchange bytes after SaslHandshake, with content specific to the mechanism (GSSAPI token, OAUTHBEARER JWT, SCRAM challenge-response, etc.). The response includes session lifetime for token-based mechanisms like OAUTHBEARER, so the client knows when to re-authenticate.
Wire Diagram
Response Header · flexible
message_size
int32 · 4B
correlation_id
int32 · 4B
tagged
var
SaslAuthenticateResponse v2
ErrorCode
int16 · 2B
ErrorMessage?
string (compact)
AuthBytes
bytes (compact)
SessionLifetimeMs
int64 · 8B
tagged
var
Schema & Example
Schema { "ErrorCode": int16, "ErrorMessage": string?, "AuthBytes": bytes, "SessionLifetimeMs": int64 }
Example { "ErrorCode": 0, "ErrorMessage": "NETWORK_EXCEPTION", "AuthBytes": "<binary>", "SessionLifetimeMs": 0 }