External Kafka Connection: Authentication

We would like to connect to the external Kafka cluster via OAuth 2.0 OpenID Connect authentication.

As per the below article, we didn’t see any option for OAuth 2.0 authentication in the Kafka rule instance.

Is it possible to authenticate via OAuth 2.0 OpenID Connect authentication in Pega via the Kafka rule instance?

@Vaisakh.V.A I don’t think that is possible with the Pega OOTB Kafka instance. We can maintain enough security with broker details, SSL or SASL and property file.

@Vaisakh.V.A

OAuth 2.0 security mechanism is not currently supported for the Stream services and not in the roadmap for future releases as well.

OAuth 2.0 is supported for Data-Admin-Kafka instances in Infinity’23 version which is currently available, as this version has Kafka-clients library 3.4.0 version that supports the latest OAuth2 client properties.

INC-A13763

@Vaisakh.V.A please could you hit the ‘Accept Solution’ link against the answer that resolved your question?

@SUMAN_GUMUDAVELLY

Thanks for the reply. Could you please share the client properties which can be used for OAuth 2.0 authentication in the Kafka instance?

@Vaisakh.V.A I haven’t tried, but referencing the documentation from Confluent.

In the data instance, give Host and Port address as your Bootstrap Server and associated port, and give the below information in your properties file. The main differentiator is sasl.mechanism=OAUTHBEARER.

security.protocol=SASL_SSL
sasl.oauthbearer.token.endpoint.url=https://myidp.example.com/oauth2/default/v1/token
sasl.login.callback.handler.class=org.apache.kafka.common.security.oauthbearer.secured.OAuthBearerLoginCallbackHandler
sasl.mechanism=OAUTHBEARER
# The JAAS entry is a single value: every continued line ends with a backslash
sasl.jaas.config= \
  org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required \
    clientId='' \
    scope='' \
    clientSecret='' \
    extension_logicalCluster='' \
    extension_identityPoolId='';
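
An added example, not part of the reply above and not Pega or Confluent code: a small Python check for a Kafka client properties file of this shape. It assumes the multi-line sasl.jaas.config value is joined with trailing backslashes, as Java properties files require; the function names and the example-id / example-secret values are constructed for illustration.

```python
import re
from urllib.parse import urlparse

def parse_properties(text):
    """Simplified .properties parser that joins backslash-continued lines."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue                      # blank line or comment
        if line.endswith("\\"):
            pending += line[:-1].strip() + " "
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props

def check_oauth_config(props):
    """Return a list of findings; an empty list means no problem was found."""
    findings = []
    if props.get("security.protocol") != "SASL_SSL":
        findings.append("security.protocol should be SASL_SSL so the token is sent over TLS")
    if props.get("sasl.mechanism") != "OAUTHBEARER":
        findings.append("sasl.mechanism must be OAUTHBEARER")
    url = urlparse(props.get("sasl.oauthbearer.token.endpoint.url", ""))
    if url.scheme != "https" or not url.netloc:
        findings.append("token endpoint should be an https:// URL")
    if not props.get("sasl.login.callback.handler.class"):
        findings.append("sasl.login.callback.handler.class is missing")
    jaas = props.get("sasl.jaas.config", "")
    if "OAuthBearerLoginModule required" not in jaas or not jaas.endswith(";"):
        findings.append("sasl.jaas.config is empty or truncated")
    options = dict(re.findall(r"(\w+)=['\"]([^'\"]*)['\"]", jaas))
    for opt in ("clientId", "clientSecret"):
        if not options.get(opt):
            findings.append(f"JAAS option {opt} is missing or empty")
    return findings

# Constructed sample input with placeholder credentials.
COMMON = """security.protocol=SASL_SSL
sasl.oauthbearer.token.endpoint.url=https://myidp.example.com/oauth2/default/v1/token
sasl.login.callback.handler.class=org.apache.kafka.common.security.oauthbearer.secured.OAuthBearerLoginCallbackHandler
sasl.mechanism=OAUTHBEARER
"""
MODULE = "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required"
GOOD = COMMON + "sasl.jaas.config= \\\n  " + MODULE + " \\\n  clientId='example-id' \\\n  clientSecret='example-secret';\n"
# Same content without the backslashes: the JAAS value ends at the first newline.
BROKEN = GOOD.replace(" \\\n", "\n")

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BROKEN", BROKEN)):
        print(name, check_oauth_config(parse_properties(text)))
```

Running it against a file whose JAAS entry lost its line continuations reports an empty sasl.jaas.config plus missing clientId and clientSecret, because each continuation line is read as a separate property.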