Support invalidating client's OAuth2 token after receiving an authentication exception #20107
Open
1 of 2 tasks
Labels
area/authn
area/client
Stale
type/enhancement
The enhancements for the existing features or docs. e.g. reduce memory usage of the delayed messages
Search before asking
Motivation
The
AuthenticationOAuth2
provider only retrieves a new token when the current one has expired.pulsar/pulsar-client/src/main/java/org/apache/pulsar/client/impl/auth/oauth2/AuthenticationOAuth2.java
Lines 99 to 106 in 82237d3
However, when there is an unexpected signing key rotation, which can happen for several reasons, a client will fail to authenticate until the token expires.
Solution
The client could invalidate the cached token and retrieve a new one. Note that this is happening when authentication has already failed, so the current token is already known to be invalid.
Alternatives
No response
Anything else?
No response
Are you willing to submit a PR?
The text was updated successfully, but these errors were encountered: