GithubHelp home page GithubHelp logo

isabella232 / pulsar-client-plugin Goto Github PK

View Code? Open in Web Editor NEW

This project forked from kafkaesque-io/pulsar-client-plugin

0.0 0.0 0.0 40 KB

Pulsar client plugin for auth0, aws cognito, and etc.

License: Apache License 2.0

Java 100.00%

pulsar-client-plugin's Introduction

pulsar-client-plugin

Pulsar client plugin for auth0 and AWS Cognito authentication.

The Jar artifact is loaded on GitHub package registry.

In .m2/settings.xml,

<repositories>
  <repository>
    <id>github</id>
    <url>https://maven.pkg.github.com/kafkaesque-io/pulsar-client-plugin</url>
  </repository>
</repositories>

<servers>
  <server>
    <id>github</id>
    <username>GITHUB_USERNAME</username>
    <password>GITHUB_TOKEN</password>
  </server>
</servers>

In pom.xml,

<dependency>
  <groupId>io.kafkaesque.pulsar</groupId>
  <artifactId>pulsar-client-plugin</artifactId>
  <version>0.0.8</version>
</dependency>

auth0 integration

Integration of auth0 enables Pulsar client authenticated against auth0 backend instead of the default Pulsar token. The authentication follows the recommended M2M flow.

Auth0 integration consists of the client side plugin and a broker auth plugin. The client plugin generates an auth0 JWT, which in turn can be authenticated and authorized by the broker side. The broker plugin has to be configured on Pulsar and is not part of this repo. Please contact Kafkaesque to enable the broker side plugin.

Java Client example:

String domain = "https://<your auth0 domain>.auth0.com/oauth/token";
String clientId = "";
String clientSecret = "";
String audience = "https://useast2.aws.kafkaesque.io";

// Create client object
PulsarClient client = PulsarClient.builder()
                .serviceUrl(SERVICE_URL)
                .authentication(
                    AuthFactory.auth0(domain, clientId, clientSecret, audience)
                )
                .build();

AWS Cognito integration

Integration of AWS Cognito enables Pulsar client authenticated against AWS Cognito. The authentication flow requires creation of Cognito user pool and App client. The App client must allow Client credential OAuth flow, and specify custome scopes for OAuth 2.0 grants. Here is a good example explaining machine to machine authentication with Cognito.

The client plugin enables client credential to exchange an access token following the Cognito deverloper's guide. Under the hood, we will use client_credentials as grant_type. Scope must be preconfigured under the a User Pool's resource server and enabled by checking off App client's OAuth2 Allowed Custom Scopes. This can be done via AWS CLI or console. The scope name will be used for authorization.

Resource server's identifier and client Id, that becomes sub in the Cognito JWT, can be used for whitelist verification on the Pulsar broker side's authentication.

Cognito integration consists of the client side plugin and a broker auth plugin. The client plugin generates an access token, which in turn can be authenticated and authorized by the broker side. The broker plugin has to be configured on Pulsar and is not part of this repo. Please contact Kafkaesque to enable the broker side plugin.

Java Client example:

String domain = "https://<your domain>.auth.us-east-2.amazoncognito.com/oauth2/token";
String clientId = "";
String clientSecret = "";
String scope = "kafkaesque.io/ming.pulsar";

// Create client object
PulsarClient client = PulsarClient.builder()
                .serviceUrl(SERVICE_URL)
                .authentication(
                    AuthFactory.cognito(domain, clientId, clientSecret, scope)
                )
                .build();

pulsar-client-plugin's People

Contributors

cdbartholomew avatar dependabot[bot] avatar zzzming avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.