2.4 KiB
2.4 KiB
OAuth2
Examples to set up different oauth providers
Cognito
kafka:
clusters:
- name: local
bootstrapServers: localhost:9092
# ...
auth:
type: OAUTH2
oauth2:
client:
cognito:
clientId: xxx
clientSecret: yyy
scope: openid
client-name: cognito
provider: cognito
redirect-uri: http://localhost:8080/login/oauth2/code/cognito
authorization-grant-type: authorization_code
issuer-uri: https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_xxx
jwk-set-uri: https://cognito-idp.eu-central-1.amazonaws.com/eu-central-1_xxx/.well-known/jwks.json
user-name-attribute: cognito:username
custom-params:
type: cognito
logoutUrl: https://<XXX>>.eu-central-1.amazoncognito.com/logout
kafka:
clusters:
- name: local
bootstrapServers: localhost:9092
# ...
auth:
type: OAUTH2
oauth2:
client:
google:
provider: google
clientId: xxx.apps.googleusercontent.com
clientSecret: GOCSPX-xxx
user-name-attribute: email
custom-params:
type: google
allowedDomain: provectus.com
GitHub
Example of callback URL for github OAuth app settings:
https://www.kafka-ui.provectus.io/login/oauth2/code/github
For the self-hosted installation find the properties a little bit below.
kafka:
clusters:
- name: local
bootstrapServers: localhost:9092
# ...
auth:
type: OAUTH2
oauth2:
client:
github:
provider: github
clientId: xxx
clientSecret: yyy
scope:
- read:org
user-name-attribute: login
custom-params:
type: github
Self-hosted/Cloud (GitHub Enterprise Server)
kafka:
clusters:
- name: local
bootstrapServers: localhost:9092
# ...
auth:
type: OAUTH2
oauth2:
client:
github:
provider: github
clientId: xxx
clientSecret: yyy
scope:
- read:org
user-name-attribute: login
custom-params:
type: github
authorization-uri: http(s)://HOSTNAME/login/oauth/authorize
token-uri: http(s)://HOSTNAME/login/oauth/access_token
user-info-uri: http(s)://HOSTNAME/api/v3/user
Replace HOSTNAME by your self-hosted platform FQDN.