Configure clients on an application level

Learn how to configure client authentication using delegation tokens on an application level.

With this configuration method, you can set up all clients within a JVM to use the same delegation token for authentication.

  1. Add a KafkaClient entry with a login module item to your JAAS configuration file.
    The module has to specify the username, password and tokenauth options.

    Example Configuration:

    KafkaClient {
    org.apache.kafka.common.security.scram.ScramLoginModule  required
        username="tokenID"
        password="lAYYSFmLs4bTjf+lTZ1LCHR/ZZFNA=="
        tokenauth="true";
    }
    

    The username and password options specify the token ID and token HMAC. The tokenauth option expresses the intent to use token authentication to the server.

  2. Configure the following properties for your clients.
    These properties are added to producer.properties or consumer.properties file that the client uses.
    security.protocol=SASL_SSL
    sasl.mechanism=SCRAM-SHA-256
  3. Pass the location of your JAAS configuration file as a JVM parameter through a command line interface.
    This sets the JAAS configuration on the Java process level.
    export KAFKA_OPTS="-Djava.security.auth.login.config=[PATH_TO_JAAS.CONF]"