Description
Hi,
In my environment, I have a Kafka cluster configured with Keycloak using OAUTH (SASL_PLAINTEXT). As such, I developed a TokenProvider that authenticates the user and refreshes the token when it is about to expire.
The problem is: you only get the token in the very beginning, meaning that after some time my TokenProvider has a new token (updated using a thread), but you never ask for it. So I get the following error:
kafka.errors.TopicAuthorizationFailedError: [Error 29] TopicAuthorizationFailedError:
I can see two possible solutions:
- Extract the expires_in from the JWT token and have a parameter that allows updating the token X seconds before it expires.
- A simple parameter that allows us to set intervals to get a new token, for example every 5 minutes.
In my opinion, I would go with the second and leave the first one to be implemented by the TokenProvider (update the token returned by TokenProvider before it expires, which I am already doing). Moreover, the second is easier to implement.
Best regards,
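
An added example, not code from the original post or from the client library: a provider that caches its token and fetches a new one a fixed margin before expiry, so every call returns a usable token once the client asks again. The `token()` method name, the `fetch` callable, the 30-second margin, the use of the JWT `exp` claim, and the unsigned sample tokens are all assumptions made for illustration.

```python
import base64
import json
import threading
import time


def jwt_exp(token):
    """Return the `exp` claim (epoch seconds) from a JWT payload.

    The payload is decoded without signature verification: the value is used
    only to schedule a refresh, never to make a trust decision.
    """
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))["exp"]


class RefreshingTokenProvider:
    """Hands out a cached token and refetches it `margin` seconds before expiry."""

    def __init__(self, fetch, margin=30, clock=time.time):
        self._fetch = fetch    # hypothetical callable returning a fresh JWT string
        self._margin = margin  # assumed safety window, in seconds
        self._clock = clock    # injectable so the logic can be tested offline
        self._lock = threading.Lock()
        self._token = None
        self._exp = 0

    def token(self):
        # The lock keeps concurrent callers from triggering duplicate fetches.
        with self._lock:
            if self._token is None or self._clock() >= self._exp - self._margin:
                self._token = self._fetch()
                self._exp = jwt_exp(self._token)
            return self._token


def make_fake_jwt(exp):
    """Constructed sample input: an unsigned JWT-shaped string carrying only `exp`."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'exp': exp})}."
```
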