Allow auth property of httpx to be passed to schema registry client #1877

Open
7 tasks
ericdevries opened this issue Dec 18, 2024 · 1 comment
@ericdevries

Description

We have some custom logic to acquire OAuth tokens that need to be sent as a header to the schema registry. Unfortunately, the schema registry client only allows for basic auth and SSL auth. We worked around it like this:

```python
from typing import Generator
from urllib.parse import urlsplit

import httpx
from confluent_kafka.schema_registry import (
    SchemaRegistryClient as ConfluentKafkaSchemaRegistryClient,
)

# SchemaRegistryConfig and OauthClient are the poster's own classes (not shown).


class SchemaRegistryClient(ConfluentKafkaSchemaRegistryClient):
    def __init__(self, config: SchemaRegistryConfig):
        config_dict = {
            "url": config.url
        }
        super().__init__(config_dict)

        if config.use_oauth:
            # override httpx client because we cannot configure a custom auth class
            self._rest_client.session = httpx.Client(
                verify=self._rest_client.verify,
                cert=self._rest_client.cert,
                # This is the property that can't be passed along
                auth=AADAuth(OauthClient(scope=urlsplit(config.url).netloc)),
                proxy=self._rest_client.proxy,
                timeout=self._rest_client.timeout,
            )


class AADAuth(httpx.Auth):
    def __init__(self, oauth_client: OauthClient) -> None:
        self._oauth_client = oauth_client

    def auth_flow(self, request: httpx.Request) -> Generator[httpx.Request, httpx.Response, None]:
        # Fetch a token and attach it as a Bearer credential on every request
        token = self._oauth_client.get_token()
        request.headers["Authorization"] = f"Bearer {token}"

        yield request
```

Allowing the auth property to be passed to the schema registry client would make it a lot more flexible for anything outside of basic auth and certificate auth.

How to reproduce

Checklist

Please provide the following information:

  • confluent-kafka-python and librdkafka version (confluent_kafka.version() and confluent_kafka.libversion()):
  • Apache Kafka broker version:
  • Client configuration: {...}
  • Operating system:
  • Provide client logs (with 'debug': '..' as necessary)
  • Provide broker log excerpts
  • Critical issue

@Claimundefine

https://github.com/confluentinc/confluent-kafka-javascript/blob/master/schemaregistry/rest-service.ts#L27C1-L36C2

Hello, we are looking to implement OAuth authentication by end of Q1, similar to what we have in our JavaScript client. It would allow setting a static Bearer token or allow users to input their client credentials, where the client would handle retrieving, caching, and refreshing the Bearer token from your OAuth Identity Provider.

Would this be the functionality you are looking for?
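
The retrieve, cache and refresh behaviour described in the reply above, sketched as an added example that is not part of the thread and not code from confluent-kafka-python. It assumes httpx's documented support for a plain callable as `auth` (takes the request, returns it); `CachedBearerAuth`, `fetch_token`, `skew` and `clock` are hypothetical names, and `fetch_token` stands in for the call to the identity provider.

```python
import threading
import time
from typing import Callable, Optional, Tuple

# Hypothetical names throughout; fetch_token stands in for the call to the
# OAuth identity provider and returns (access_token, lifetime_in_seconds).
TokenFetcher = Callable[[], Tuple[str, float]]


class CachedBearerAuth:
    """Callable auth hook: caches a bearer token and refreshes it before expiry."""

    def __init__(self, fetch_token: TokenFetcher, skew: float = 60.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._fetch_token = fetch_token
        self._skew = skew          # refresh this many seconds before expiry
        self._clock = clock        # injectable so expiry can be tested
        self._lock = threading.Lock()
        self._token: Optional[str] = None
        self._expires_at = 0.0

    def _current_token(self) -> str:
        # One lock around check-and-refresh so concurrent requests trigger
        # a single call to the identity provider, not one per thread.
        with self._lock:
            if self._token is None or self._clock() >= self._expires_at - self._skew:
                token, lifetime = self._fetch_token()
                # Reject empty tokens and CR/LF, which would split the header.
                if not token or any(c in token for c in "\r\n"):
                    raise ValueError("identity provider returned an unusable token")
                self._token = token
                self._expires_at = self._clock() + lifetime
            return self._token

    def invalidate(self) -> None:
        """Drop the cached token, e.g. after the registry answers 401."""
        with self._lock:
            self._token = None

    def __call__(self, request):
        # Overwrite rather than append so a stale Authorization header
        # never travels alongside the fresh one.
        request.headers["Authorization"] = f"Bearer {self._current_token()}"
        return request

    def __repr__(self) -> str:
        # Keep the token out of logs and tracebacks.
        return f"<CachedBearerAuth cached={self._token is not None}>"
```

An instance can be passed as `auth=` when building the `httpx.Client` in the workaround above, so the identity provider is contacted once per token lifetime instead of once per request.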
