Connecting to Schema Registry with JWT Token or OAuth2
In this exercise, we continue configuring our Kafka application that uses an AVRO schema. We have already configured our producer and consumer to use OAuth2. Now we configure the connection to the schema registry to use a JWT Token or OAuth2. The videos demonstrate this using a client.properties file.
The example uses the following code:
- KSN-Training/src/main/java/sn_training/Schema/KAVROProducer.java
- KSN-Training/src/main/java/sn_training/Schema/KAVROConsumer.java
- KSN-Training/src/main/java/sn_training/resources/client.properties.schema
For an example configuring the schema connection using a JWT Token or OAuth2 directly in the Java code, see SchemaV2.
You should have already updated the client.properties.schema file so that topic1 uses your student ID (e.g. kafkastudent3-schemainput).
Make the following changes to client.properties.schema to convert your application to connect to the Kafka schema registry using a JWT token:
- edit schema.registry.url to point to the same endpoint as the KSN bootstrap.servers, using https and /kafka without a port number (e.g. https://pc-182d65af.aws-use2-production-snci-pool-kid.streamnative.aws.snio.cloud/kafka)
- edit basic.auth.user.info to be formatted as "public:<PASTE JWT TOKEN HERE>"
Please reference SchemaV2 if you would like an example of configuring schema registry with Kafka directly in the Java code.
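A pre-flight check for the JWT settings listed above, as an added example that is not part of the KSN-Training code. The class name, the placeholder host and the sample token are constructed for illustration, and it assumes the token is a standard three-part JWT whose payload may carry an exp claim.

```java
import java.io.StringReader;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.*;
import java.util.regex.*;

// Hypothetical helper (not from KSN-Training): lints the JWT variant of client.properties.schema.
public class SchemaRegistryConfigCheck {

    static List<String> check(Properties p, Instant now) {
        List<String> problems = new ArrayList<>();
        try {
            URI url = URI.create(p.getProperty("schema.registry.url", ""));
            if (!"https".equals(url.getScheme())) problems.add("schema.registry.url must use https");
            if (url.getPort() != -1) problems.add("schema.registry.url must not include a port number");
            if (!"/kafka".equals(url.getPath())) problems.add("schema.registry.url path must be /kafka");
        } catch (IllegalArgumentException e) {
            problems.add("schema.registry.url is not a valid URI");
        }
        String info = p.getProperty("basic.auth.user.info", "");
        String[] parts = info.startsWith("public:") ? info.substring(7).split("\\.") : new String[0];
        if (parts.length != 3) {
            problems.add("basic.auth.user.info must be public:<three-part JWT>");
            return problems;
        }
        try {
            // Only the payload is decoded; the signature is checked by the server, not here.
            String payload = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
            Matcher exp = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)").matcher(payload);
            if (exp.find() && Long.parseLong(exp.group(1)) < now.getEpochSecond())
                problems.add("token has expired (exp=" + exp.group(1) + ")");
        } catch (IllegalArgumentException e) {
            problems.add("token payload is not valid base64url or has an unreadable exp claim");
        }
        return problems;
    }

    static String b64(String s) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: placeholder host with a port, and a token whose exp is in the past.
        String jwt = b64("{\"alg\":\"RS256\"}") + "." + b64("{\"sub\":\"student\",\"exp\":1700000000}") + ".sig";
        Properties p = new Properties();
        p.load(new StringReader("schema.registry.url=https://example.invalid:9093/kafka\n"
                + "basic.auth.user.info=public:" + jwt + "\n"));
        check(p, Instant.now()).forEach(System.out::println);
    }
}
```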
It’s also possible to connect to the Kafka schema registry using OAuth2.
Make the following changes to client.properties.schema to convert your application to connect to the Kafka schema registry using OAuth2:
- edit schema.registry.url to point to the same endpoint as the KSN bootstrap.servers, using https and /kafka without a port number (e.g. https://pc-182d65af.aws-use2-production-snci-pool-kid.streamnative.aws.snio.cloud/kafka), same as when connecting with a JWT Token
- edit basic.auth.credentials.source to be CUSTOM instead of USER_INFO
- edit basic.auth.user.info to be formatted as public:<PASTE JWT TOKEN HERE>
- add bearer.auth.custom.provider.class=io.streamnative.pulsar.handlers.kop.security.oauth.schema.OauthCredentialProvider
- add tenant="public" to your sasl.jaas.config; this refers to the tenant used for the schema registry and should remain public even when using multi-tenancy later in the course
If you are editing your own code, you will need to import the following into your Producer and Consumer Java code:
import io.streamnative.pulsar.handlers.kop.security.oauth.schema.OauthCredentialProvider;
Please reference SchemaV2 if you would like an example of configuring schema registry with KSN directly in the Java code.
The following versions or greater are required when connecting to the schema registry with OAuth2.
Maven
<dependencies>
  <dependency>
    <groupId>org.apache.kafka</groupId>
    <artifactId>kafka-clients</artifactId>
    <version>3.4.0</version>
  </dependency>
  <dependency>
    <groupId>io.streamnative.pulsar.handlers</groupId>
    <artifactId>oauth-client</artifactId>
    <version>3.1.0.4</version>
  </dependency>
  <dependency>
    <groupId>io.confluent</groupId>
    <artifactId>kafka-avro-serializer</artifactId>
    <version>7.5.0</version>
  </dependency>
</dependencies>
<repositories>
  <repository>
    <id>confluent</id>
    <url>https://packages.confluent.io/maven/</url>
  </repository>
</repositories>
Gradle
dependencies {
    implementation group: 'org.apache.kafka', name: 'kafka-clients', version: '3.4.0'
    implementation group: 'io.streamnative.pulsar.handlers', name: 'oauth-client', version: '3.1.0.4'
    implementation group: 'io.confluent', name: 'kafka-avro-serializer', version: '7.5.0'
}
repositories {
    maven {
        url "https://packages.confluent.io/maven/"
    }
}
