Chapter 2. Enhancements
AMQ Streams 2.4 adds a number of enhancements.
2.1. Kafka 3.4.0 enhancements
For an overview of the enhancements introduced with Kafka 3.4.0, refer to the Kafka 3.4.0 Release Notes.
2.2. OAuth 2.0 configuration for HTTP requests
You can now use configuration to control HTTP requests to an OAuth 2.0 authorization server.
If you are creating a listener for your Kafka brokers that uses OAuth 2.0 authentication or authorization, you can add the following properties to the listener configuration:
- httpRetries to control the maximum number of times to retry a failed HTTP request to the authorization server.
- httpRetryPauseMs to control the time to wait in milliseconds before attempting another retry of a failed HTTP request to the authorization server.
Example listener configuration
sasl.enabled.mechanisms=OAUTHBEARER
listeners=CLIENT://0.0.0.0:9092
listener.security.protocol.map=CLIENT:SASL_PLAINTEXT
listener.name.client.sasl.enabled.mechanisms=OAUTHBEARER
sasl.mechanism.inter.broker.protocol=OAUTHBEARER
inter.broker.listener.name=CLIENT
listener.name.client.oauthbearer.sasl.server.callback.handler.class=io.strimzi.kafka.oauth.server.JaasServerOauthValidatorCallbackHandler
listener.name.client.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required ;
listener.name.client.oauthbearer.sasl.login.callback.handler.class=io.strimzi.kafka.oauth.client.JaasClientOauthLoginCallbackHandler
listener.name.client.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required \
    # ...
    oauth.token.endpoint.uri="https://AUTH-SERVER-ADDRESS/auth/realms/REALM-NAME/protocol/openid-connect/token" \
    oauth.custom.claim.check="@.custom == 'custom-value'" \
    oauth.scope="SCOPE" \
    oauth.check.audience="true" \
    oauth.audience="AUDIENCE" \
    oauth.valid.issuer.uri="https://AUTH-SERVER-ADDRESS/auth/REALM-NAME" \
    oauth.client.id="kafka-broker" \
    oauth.client.secret="kafka-broker-secret" \
    oauth.connect.timeout.seconds=60 \
    oauth.read.timeout.seconds=60 \
    oauth.http.retries=2 \
    oauth.http.retry.pause.millis=300 \
    oauth.groups.claim="$.groups" \
    oauth.groups.claim.delimiter="," ;
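The following Python script is an added example, not part of the AMQ Streams documentation. It reads a listener's JAAS options from broker properties text, computes the longest time one authorization-server call can block when every attempt times out, and flags malformed endpoint URIs. The sample text is constructed, and the code assumes that retries count attempts after the first and that unset values default to 60-second timeouts, 0 retries and 0 ms pause.

```python
import re

# Constructed sample, using the option names from the listener example above.
SAMPLE = r'''
listener.name.client.oauthbearer.sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required \
    oauth.valid.issuer.uri="https://https://AUTH-SERVER-ADDRESS/auth/REALM-NAME" \
    oauth.connect.timeout.seconds=60 \
    oauth.read.timeout.seconds=60 \
    oauth.http.retries=2 \
    oauth.http.retry.pause.millis=300 ;
'''

def load_properties(text):
    """Join backslash-continued lines, then split each line on its first '='."""
    joined = re.sub(r'\\\r?\n[ \t]*', '', text)
    props = {}
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith('#') and '=' in line:
            key, value = line.split('=', 1)
            props[key.strip()] = value.strip()
    return props

def jaas_options(jaas_value):
    """Return the name=value options (quoted or bare) of a JAAS config string."""
    found = re.findall(r'([\w.]+)=(?:"([^"]*)"|([^\s;]+))', jaas_value)
    return {name: quoted or bare for name, quoted, bare in found}

def worst_case_seconds(opts):
    """Longest time one authorization-server call can block if every attempt
    times out. Assumptions: retries are attempts after the first; defaults
    are 60 s timeouts, 0 retries, 0 ms pause."""
    connect = int(opts.get('oauth.connect.timeout.seconds', 60))
    read = int(opts.get('oauth.read.timeout.seconds', 60))
    retries = int(opts.get('oauth.http.retries', 0))
    pause_ms = int(opts.get('oauth.http.retry.pause.millis', 0))
    return (retries + 1) * (connect + read) + retries * pause_ms / 1000

def suspicious_uris(opts):
    """Names of *.uri options that are not a single https:// URL."""
    return sorted(k for k, v in opts.items() if k.endswith('.uri')
                  and (not v.startswith('https://') or v.count('://') != 1))

if __name__ == '__main__':
    props = load_properties(SAMPLE)
    opts = jaas_options(props['listener.name.client.oauthbearer.sasl.jaas.config'])
    print(worst_case_seconds(opts), suspicious_uris(opts))
```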
See the following: