[client authentication] add authentication client with oauth2 support #7420
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jiazhai
added
area/security
doc-required
Member
Author
|
/pulsarbot run-failure-checks |
Member
Author
|
/pulsarbot run-failure-checks |
sijie
approved these changes
Jul 2, 2020
Member
sijie
left a comment
sijie
left a comment
There was a problem hiding this comment.
overall looks good! a small comment is to move the documentation to the website.
| @@ -0,0 +1,94 @@ | |||
| # Pulsar Client Authentication Plugin for OAuth 2.0 | |||
Merged
jiazhai
added a commit
that referenced
this pull request
Jul 9, 2020
### Motivation #7420 provides an Oauth2 auth client for java. This PR tries to support it in cpp client ### Modifications - add implementation - add related tests.
jiazhai
pushed a commit
that referenced
this pull request
Jul 9, 2020
fixes #7425 ### Motivation Pulsar supports authenticating clients using OAuth 2.0 access tokens. the related code is updated as shown in this PR: #7420. Update the related pulsar doc. ### Modifications In security section: add Authentication using OAuth 2.0 access tokens Java client: add an example about Oauth authentication sidebar: update the sidebar document.
wolfstudy
pushed a commit
that referenced
this pull request
Jul 29, 2020
…#7420) ### Motivation Pulsar supports authenticating clients using OAuth 2.0 access tokens. You can use tokens to identify a Pulsar client and associate with some "principal" (or "role") that is permitted to do some actions (eg: publish to a topic or consume from a topic). This module is to support Pulsar Client Authentication Plugin for OAuth 2.0 directly. Client side communicate with Oauth 2.0 server, then the client will get an `access token` from Oauth 2.0 server, and will pass this `access token` to Pulsar broker to do the authentication. So the Broker side could still use `org.apache.pulsar.broker.authentication.AuthenticationProviderToken`, also user can add their own `AuthenticationProvider` to work with this module. ### Modifications - add related code; - add related test; - add related doc. The init of this client authentication module would be like: ```java Authentication oauth2Authentication = AuthenticationFactoryOAuth2.clientCredentials( new URL("https://dev-kt-aa9ne.us.auth0.com/oauth/token"), new URL("file:///path/to/credential/file.json"), // key file path "https://dev-kt-aa9ne.us.auth0.com/api/v2/" ); PulsarClient client = PulsarClient.builder() .serviceUrl("pulsar://broker.example.com:6650/") .authentication(oauth2Authentication) .build(); ``` ### Verifying this change tests passed. (cherry picked from commit 768813e)
wolfstudy
pushed a commit
that referenced
this pull request
Jul 29, 2020
fixes #7425 ### Motivation Pulsar supports authenticating clients using OAuth 2.0 access tokens. the related code is updated as shown in this PR: #7420. Update the related pulsar doc. ### Modifications In security section: add Authentication using OAuth 2.0 access tokens Java client: add an example about Oauth authentication sidebar: update the sidebar document. (cherry picked from commit 6726072)
wolfstudy
pushed a commit
that referenced
this pull request
Jul 29, 2020
huangdx0726
pushed a commit
to huangdx0726/pulsar
that referenced
this pull request
Aug 24, 2020
…apache#7420) ### Motivation Pulsar supports authenticating clients using OAuth 2.0 access tokens. You can use tokens to identify a Pulsar client and associate with some "principal" (or "role") that is permitted to do some actions (eg: publish to a topic or consume from a topic). This module is to support Pulsar Client Authentication Plugin for OAuth 2.0 directly. Client side communicate with Oauth 2.0 server, then the client will get an `access token` from Oauth 2.0 server, and will pass this `access token` to Pulsar broker to do the authentication. So the Broker side could still use `org.apache.pulsar.broker.authentication.AuthenticationProviderToken`, also user can add their own `AuthenticationProvider` to work with this module. ### Modifications - add related code; - add related test; - add related doc. The init of this client authentication module would be like: ```java Authentication oauth2Authentication = AuthenticationFactoryOAuth2.clientCredentials( new URL("https://dev-kt-aa9ne.us.auth0.com/oauth/token"), new URL("file:///path/to/credential/file.json"), // key file path "https://dev-kt-aa9ne.us.auth0.com/api/v2/" ); PulsarClient client = PulsarClient.builder() .serviceUrl("pulsar://broker.example.com:6650/") .authentication(oauth2Authentication) .build(); ``` ### Verifying this change tests passed.
huangdx0726
pushed a commit
to huangdx0726/pulsar
that referenced
this pull request
Aug 24, 2020
### Motivation apache#7420 provides an Oauth2 auth client for java. This PR tries to support it in cpp client ### Modifications - add implementation - add related tests.
huangdx0726
pushed a commit
to huangdx0726/pulsar
that referenced
this pull request
Aug 24, 2020
fixes apache#7425 ### Motivation Pulsar supports authenticating clients using OAuth 2.0 access tokens. the related code is updated as shown in this PR: apache#7420. Update the related pulsar doc. ### Modifications In security section: add Authentication using OAuth 2.0 access tokens Java client: add an example about Oauth authentication sidebar: update the sidebar document.
Anonymitaet
added
doc-complete
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
Pulsar supports authenticating clients using OAuth 2.0 access tokens. You can use tokens to identify a Pulsar client and associate with some "principal" (or "role") that is permitted to do some actions (eg: publish to a topic or consume from a topic).
This module is to support Pulsar Client Authentication Plugin for OAuth 2.0 directly. Client side communicate with Oauth 2.0 server, then the client will get an
access tokenfrom Oauth 2.0 server, and will pass thisaccess tokento Pulsar broker to do the authentication.So the Broker side could still use
org.apache.pulsar.broker.authentication.AuthenticationProviderToken,also user can add their own
AuthenticationProviderto work with this module.Modifications
The init of this client authentication module would be like:
Verifying this change
tests passed.