From 611eeb88d654294d7c85098e0a4dac7afedbec32 Mon Sep 17 00:00:00 2001 From: Ming Luo Date: Tue, 28 Apr 2020 15:03:04 -0400 Subject: [PATCH] mvn release with cognito --- README.md | 6 +++--- java/pom.xml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 6bac658..b330984 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ In pom.xml, io.kafkaesque.pulsar pulsar-client-plugin - 0.0.6 + 0.0.7 ``` @@ -53,11 +53,11 @@ PulsarClient client = PulsarClient.builder() ``` ### AWS Cognito integration -Integration of AWS Cognito enables Pulsar client authenticated against [AWS Cognito](https://aws.amazon.com/cognito/). The authentication flow requires creation of Cognito user pool and App client. The App client must allow `Client credential` OAuth flow, and specifies custome scopes for OAuth 2.0 grants. Here is [a good example](https://lobster1234.github.io/2018/05/31/server-to-server-auth-with-amazon-cognito/) explaining machine to machine authentication with Cognito. +Integration of AWS Cognito enables Pulsar client authenticated against [AWS Cognito](https://aws.amazon.com/cognito/). The authentication flow requires creation of Cognito user pool and App client. The App client must allow `Client credential` OAuth flow, and specify custome scopes for OAuth 2.0 grants. Here is [a good example](https://lobster1234.github.io/2018/05/31/server-to-server-auth-with-amazon-cognito/) explaining machine to machine authentication with Cognito. The client plugin enables client credential to exchange an access token following [the Cognito deverloper's guide](https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html). Under the hood, we will use `client_credentials` as grant_type. Scope must be preconfigured under the a User Pool's resource server and enabled by checking off `App client`'s OAuth2 Allowed Custom Scopes. This can be done via AWS CLI or console. The scope name will be used for authorization. -Resource server's identifier and client Id, that becomes `sub` in the Cognito JWT, can be optionally used for verification on the Pulsar broker side's authentication. +Resource server's identifier and client Id, that becomes `sub` in the Cognito JWT, can be used for whitelist verification on the Pulsar broker side's authentication. Cognito integration consists of the client side plugin and a broker auth plugin. The client plugin generates an access token, which in turn can be authenticated and authorized by the broker side. The broker plugin has to be configured on Pulsar and is not part of this repo. Please contact [Kafkaesque](https://kafkaesque.io/contact/#) to enable the broker side plugin. diff --git a/java/pom.xml b/java/pom.xml index c9cd5fa..183c3ff 100644 --- a/java/pom.xml +++ b/java/pom.xml @@ -3,7 +3,7 @@ io.kafkaesque.pulsar pulsar-client-plugin jar - 0.0.6 + 0.0.7 pulsar-client-plugin