-
Notifications
You must be signed in to change notification settings - Fork 69
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Second re-authentication fails with OAUTHBEARER when default credentials are used #176
Comments
I have some applications which provide an (I ended up splitting this issue out into #180 since it came up in a different version) |
I think this PR should fix it: #182 Can you test with this? |
Similar to this comment on #180, I don't think this will work because we aren't using |
Fixed in release 2.2.0 |
This issue is now closed. Comments on closed issues are hard for our team to see. |
This issue is similar to #143. The resolution for that issue did fix the case where the first re-authentication fails if
awsRoleArn
is not specified, but I've noticed our application fails to re-authenticate on the second attempt.This occurs in a Java application, but I was also able to reproduce it with a console consumer. The consumer ran successfully for a while, but it failed to authenticate due to a
SaslAuthenticationException: Session too short
error once it hit the 2 hour mark. Since our default role credential would expire after one hour, this seems to happen during the second re-authentication.Here's the config used for this:
We have applications which specify an
awsRoleArn
in theirsasl.jaas.config
and are able to run indefinitely without this re-authentication error, so I suspect this only impacts configurations withoutawsRoleArn
.Kafka version: 3.7.0
aws-msk-iam-auth version: 2.0.3
The text was updated successfully, but these errors were encountered: