feat: add support for OAUTHBEARER token refresh callback#5
Merged
antaljanosbenjamin merged 2 commits intoClickHouse:ClickHouse/release-0.4.1from Mar 2, 2026
Merged
Conversation
Author
|
@antaljanosbenjamin for your review to address the comments |
This was referenced Feb 5, 2026
Member
antaljanosbenjamin
left a comment
antaljanosbenjamin
left a comment
There was a problem hiding this comment.
Apart from this small change, the PR looks good. One question remains: do you mind also submitting the same PR to the upstream project or should I do that once this is merged?
The reason is we like to contribute back and it also help us keep our fork closer to the upstream one.
Change the oauthbearer_config parameter from 'const std::string&' to
'const std::string*' to maintain semantic consistency with librdkafka.
This allows the callback to distinguish between:
- Config not set (nullptr)
- Config set to empty string ('')
Updated files:
- include/cppkafka/configuration.h: Changed callback signature
- src/configuration.cpp: Modified proxy to pass nullptr instead of empty string
- examples/oauth_example.cpp: Updated example to check for nullptr
- docs/oauth_bearer_callback.md: Updated all documentation and examples
Addresses PR review comment from antaljanosbenjamin.
Author
|
@antaljanosbenjamin are we all good for this MR? |
antaljanosbenjamin
approved these changes
Mar 2, 2026
Member
|
We are good to go. Could you please also open an upstream PR? |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR extends
cppkafka::Configurationto support thesasl.oauthbearer.token.refresh.cbcallback provided bylibrdkafka.Motivation Mechanisms like
AWS_MSK_IAMor generic OAUTHBEARER require the client to dynamically generate and refresh tokens when they expire.librdkafkahandles this via a callback that requests a new token. Previously,cppkafkadid not expose this callback, making it impossible to implement custom OAuth logic (like AWS SigV4 signing) purely in C++ without bypassing the wrapper.Changes
Configuration::set_oauthbearer_token_refresh_callbackwhich accepts astd::function.oauthbearer_token_refresh_callback_proxythat correctly bridges the C-stylelibrdkafkacallback to the C++ function, properly casting theopaquehandle.docs/oauth_bearer_callback.mdexplaining how to use the new feature.examples/oauth_example.cppdemonstrating a basic implementation.Usage Example
This change is required for integrating AWS MSK IAM Authentication into ClickHouse.