
How to use C#/C++/librdkafka with OIDC and Azure AD as token provider for OAUTHBEARER in Apache Kafka?


I am trying to use C# to produce messages to Apache Kafka. I noticed there is a config called sasl.login.callback.handler.class which should be configured in the Kafka producer client, but I can't find the right place to configure it. Can anyone help? Thanks a lot!

I noticed that the C# producer client is related to C++/librdkafka, so I added them to the title. I can't find sasl.login.callback.handler.class in librdkafka (https://github.com/confluentinc/librdkafka/blob/master/CONFIGURATION.md).

Here is my config:

using Confluent.Kafka;

// server and clientId are defined elsewhere in the application.
var _config = new ProducerConfig
{
    BootstrapServers = server,
    ClientId = clientId,
    // SASL authentication over a connection without TLS.
    SecurityProtocol = SecurityProtocol.SaslPlaintext,
    SaslMechanism = SaslMechanism.OAuthBearer,
    SaslOauthbearerClientId = "MyClientId",
    SaslOauthbearerClientSecret = "MyClientSecret",
    SaslOauthbearerScope = "ServerClientId/.default",
    SaslOauthbearerTokenEndpointUrl = "https://login.microsoftonline.com/MyTenantId/oauth2/v2.0/token",
};

I need to find a solution using C#/C++ to produce messages to Apache Kafka with an OAuth AAD token.


Solution

  • I have found the solution.

    librdkafka doesn't need sasl.login.callback.handler.class to be set, but sasl.oauthbearer.method needs to be set to OIDC.

    I have tested using C# and it works.

    Here are my configs for OAuth AAD:

    using Confluent.Kafka;

    // YourClientId and YourClientSecret are placeholders for string values defined elsewhere.
    var producerConfig = new ProducerConfig
    {
        SaslMechanism = SaslMechanism.OAuthBearer,
        // SASL authentication over a connection without TLS.
        SecurityProtocol = SecurityProtocol.SaslPlaintext,
        // Maps to sasl.oauthbearer.method=oidc in librdkafka.
        SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
        SaslOauthbearerClientId = YourClientId,
        SaslOauthbearerClientSecret = YourClientSecret,
        SaslOauthbearerScope = "ServerTenantId/.default",
        SaslOauthbearerTokenEndpointUrl = "https://login.microsoftonline.com/YourTenantId/oauth2/v2.0/token",
    };
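
The OIDC settings from the answer in a complete producer, as an added example that is not part of the original question or answer. It uses SecurityProtocol.SaslSsl so the bearer token reaches the broker inside TLS, and reads the client secret from the environment rather than from source. Assumptions: the broker exposes a TLS listener, and the environment variable names and the topic name "test-topic" are hypothetical.

```csharp
using System;
using System.Threading.Tasks;
using Confluent.Kafka;

public static class OidcProducerExample
{
    // Fail fast on a missing setting instead of sending an empty credential.
    // The environment variable names used below are assumptions of this example.
    private static string RequireEnv(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Missing environment variable {name}");

    public static async Task Main()
    {
        string tenantId = RequireEnv("AAD_TENANT_ID");
        var config = new ProducerConfig
        {
            BootstrapServers = RequireEnv("KAFKA_BOOTSTRAP_SERVERS"),
            // SaslSsl rather than SaslPlaintext: SASL runs inside a TLS session.
            SecurityProtocol = SecurityProtocol.SaslSsl,
            SaslMechanism = SaslMechanism.OAuthBearer,
            // Oidc: librdkafka requests the token from the endpoint itself,
            // so no login callback handler class is configured.
            SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
            SaslOauthbearerClientId = RequireEnv("AAD_CLIENT_ID"),
            SaslOauthbearerClientSecret = RequireEnv("AAD_CLIENT_SECRET"),
            // Same "<id>/.default" form as the scope shown in the answer.
            SaslOauthbearerScope = RequireEnv("KAFKA_OAUTH_SCOPE"),
            SaslOauthbearerTokenEndpointUrl =
                $"https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token",
        };

        using var producer = new ProducerBuilder<Null, string>(config)
            // Client-level errors, including connection and authentication failures.
            .SetErrorHandler((_, e) =>
                Console.Error.WriteLine($"Kafka error: {e.Reason} (fatal={e.IsFatal})"))
            .Build();

        try
        {
            var result = await producer.ProduceAsync("test-topic",
                new Message<Null, string> { Value = "hello over OAUTHBEARER" });
            Console.WriteLine($"Delivered to {result.TopicPartitionOffset}");
        }
        catch (ProduceException<Null, string> ex)
        {
            Console.Error.WriteLine($"Delivery failed: {ex.Error.Reason}");
        }
    }
}
```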