Skip to content

Commit

Permalink
mvn release with cognito
Browse files Browse the repository at this point in the history
  • Loading branch information
zzzming committed Apr 28, 2020
1 parent 730614a commit 611eeb8
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 4 deletions.
6 changes: 3 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ In pom.xml,
<dependency>
<groupId>io.kafkaesque.pulsar</groupId>
<artifactId>pulsar-client-plugin</artifactId>
<version>0.0.6</version>
<version>0.0.7</version>
</dependency>

```
Expand All @@ -53,11 +53,11 @@ PulsarClient client = PulsarClient.builder()
```

### AWS Cognito integration
Integration of AWS Cognito enables Pulsar client authenticated against [AWS Cognito](https://aws.amazon.com/cognito/). The authentication flow requires creation of Cognito user pool and App client. The App client must allow `Client credential` OAuth flow, and specifies custome scopes for OAuth 2.0 grants. Here is [a good example](https://lobster1234.github.io/2018/05/31/server-to-server-auth-with-amazon-cognito/) explaining machine to machine authentication with Cognito.
Integration of AWS Cognito enables Pulsar client authenticated against [AWS Cognito](https://aws.amazon.com/cognito/). The authentication flow requires creation of Cognito user pool and App client. The App client must allow `Client credential` OAuth flow, and specify custome scopes for OAuth 2.0 grants. Here is [a good example](https://lobster1234.github.io/2018/05/31/server-to-server-auth-with-amazon-cognito/) explaining machine to machine authentication with Cognito.

The client plugin enables client credential to exchange an access token following [the Cognito deverloper's guide](https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html). Under the hood, we will use `client_credentials` as grant_type. Scope must be preconfigured under the a User Pool's resource server and enabled by checking off `App client`'s OAuth2 Allowed Custom Scopes. This can be done via AWS CLI or console. The scope name will be used for authorization.

Resource server's identifier and client Id, that becomes `sub` in the Cognito JWT, can be optionally used for verification on the Pulsar broker side's authentication.
Resource server's identifier and client Id, that becomes `sub` in the Cognito JWT, can be used for whitelist verification on the Pulsar broker side's authentication.

Cognito integration consists of the client side plugin and a broker auth plugin. The client plugin generates an access token, which in turn can be authenticated and authorized by the broker side. The broker plugin has to be configured on Pulsar and is not part of this repo. Please contact [Kafkaesque](https://kafkaesque.io/contact/#) to enable the broker side plugin.

Expand Down
2 changes: 1 addition & 1 deletion java/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
<groupId>io.kafkaesque.pulsar</groupId>
<artifactId>pulsar-client-plugin</artifactId>
<packaging>jar</packaging>
<version>0.0.6</version>
<version>0.0.7</version>


<name>pulsar-client-plugin</name>
Expand Down

0 comments on commit 611eeb8

Please sign in to comment.