izumo27 opened a new pull request, #25538: URL: https://github.com/apache/pulsar/pull/25538
### Motivation Currently, the Client Credentials Flow in AuthenticationOAuth2 supports only authentication using `client_secret`. This PR adds `tls_client_auth` using a certificate. https://datatracker.ietf.org/doc/rfc8705/ ### Modifications Added `TlsClientAuthFlow` class for the flow using a certificate. - The `client_id` is treated as an optional parameter for users. - Although `client_id` is required by the RFC, it may not be necessary in cases such as Athenz. Allowing it to be optional as a client input provides greater flexibility. As long as the pulsar client includes `client_id` internally, it remains compliant with the RFC. - Since a certificate is only required when obtaining a token, a different HTTP client is used than the one used for retrieving metadata. ### Verifying this change - [x] Make sure that the change passes the CI checks. - https://github.com/izumo27/pulsar/pull/7 This change added tests and can be verified as follows: - Added tests for tls_client_auth - Modify existing tests for cilent_sercre ### Does this pull request potentially affect one of the following parts: - [ ] Dependencies (add or upgrade a dependency) - [ ] The public API - [ ] The schema - [ ] The default values of configurations - [ ] The threading model - [ ] The binary protocol - [ ] The REST endpoints - [ ] The admin CLI options - [ ] The metrics - [ ] Anything that affects deployment -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
