The Kafka OAuth demo shows how a customer can authenticate their client via OAuth2 to Kafka and how they can read data from a Kafka topic using the Kafka consumer API.
This is only a sample without support and liability to its correctness!
The code is based on java version 21 and gradle. Required dependencies:
- gradle shadow plugin
- apache kafka-clients
- jose4j (see also KIP-1139)
- jackson-databind (runtimeOnly)
- log4j2
- apache commons-cli
you can use the gradle shadowJar task to build an executable jarfile:
gradle shadowJarIn this example we assume to use Let’s Encrypt CA for SSL/TLS certificates. These certificates are usually included in the default truststore of java environment. If not, please update your java version.
To use the sample please change at least the following configurations of the consumer.properties file.
# use the correct bootstrap url for your region
bootstrap.servers=BOOTSTRAP_URL
# if you are an MBCon customer, use the received client name as the prefix. eg: '<client name>.GROUP_ID_POSTFIX_OF_YOUR_CHOICE':
group.id=CONSUMER_GROUP
# use the correct token API url for your region:
sasl.oauthbearer.token.endpoint.url=OAUTH_TOKEN_API_URL
# if you are an MBCon customer, use the clientId and clientSecret you have received along with the correct scope for your region:
sasl.oauthbearer.client.credentials.client.id=YOUR_CLIENT_ID
sasl.oauthbearer.client.credentials.client.secret=YOUR_CLIENT_SECRET
sasl.oauthbearer.scope=SCOPEAfter preparation, you can start the demo with
java '-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls=<OAUTH_TOKEN_API_URL>' -jar build/libs/java-0.1.0-all.jar -t <YOUR_TOPIC_NAME>And note that, for the Kafka client version 4 and newer, the token URL must be explicitly repeated in the shown property.
Copyright 2024-2025 Mercedes-Benz Connectivity Services GmbH