diff --git a/configuration/configuration-file.md b/configuration/configuration-file.md index 21adaaf..d600048 100644 --- a/configuration/configuration-file.md +++ b/configuration/configuration-file.md @@ -37,8 +37,18 @@ kafka: schemaRegistryShowNullValues: true # Show null fields in Avro messages (default: false) schemaRegistryUseFullyQualifiedNames: true # Use full type names in unions (default: false) schema-registry-auth: + # Basic authentication username: schema registry username password: schema registry password + # OAuth client-credentials authentication + oauth: + tokenUrl: https://auth.example.com/oauth/token + clientId: your-client-id + clientSecret: your-client-secret + scopes: schema-registry:read,schema-registry:write + tokenCacheEnabled: true # default: true + tokenRefreshBuffer: 60s # default: 60s + maxRetries: 1 # default: 1 (retries on 401 Unauthorized) schema-registry-ssl: keystore-location: path/to/keystore/file.jks keystore-password: password diff --git a/configuration/misc-configuration-properties.md b/configuration/misc-configuration-properties.md index bd69532..375aaaf 100644 --- a/configuration/misc-configuration-properties.md +++ b/configuration/misc-configuration-properties.md @@ -34,6 +34,13 @@ kafka: | `KAFKA_CLUSTERS_0_SCHEMAREGISTRY` | SchemaRegistry's address | | `KAFKA_CLUSTERS_0_SCHEMAREGISTRYAUTH_USERNAME` | SchemaRegistry's basic authentication username | | `KAFKA_CLUSTERS_0_SCHEMAREGISTRYAUTH_PASSWORD` | SchemaRegistry's basic authentication password | +| `KAFKA_CLUSTERS_0_SCHEMAREGISTRYAUTH_OAUTH_TOKENURL` | Token URL for SchemaRegistry's OAuth client-credentials authentication. Cannot be combined with Basic auth on the same cluster. | +| `KAFKA_CLUSTERS_0_SCHEMAREGISTRYAUTH_OAUTH_CLIENTID` | Client ID for SchemaRegistry's OAuth authentication | +| `KAFKA_CLUSTERS_0_SCHEMAREGISTRYAUTH_OAUTH_CLIENTSECRET` | Client secret for SchemaRegistry's OAuth authentication | +| `KAFKA_CLUSTERS_0_SCHEMAREGISTRYAUTH_OAUTH_SCOPES` | Comma-separated list of OAuth scopes to request for SchemaRegistry authentication | +| `KAFKA_CLUSTERS_0_SCHEMAREGISTRYAUTH_OAUTH_TOKENCACHEENABLED` | Enable caching of OAuth tokens for SchemaRegistry. Default: `true` | +| `KAFKA_CLUSTERS_0_SCHEMAREGISTRYAUTH_OAUTH_TOKENREFRESHBUFFER` | Duration before token expiry to proactively refresh the token (e.g. `60s`, `360s`). Default: `60s` | +| `KAFKA_CLUSTERS_0_SCHEMAREGISTRYAUTH_OAUTH_MAXRETRIES` | Max number of retries on 401 Unauthorized responses from SchemaRegistry. Default: `1` | | `KAFKA_CLUSTERS_0_SCHEMAREGISTRYSSL_KEYSTORELOCATION` | Path to the JKS keystore to communicate to SchemaRegistry | | `KAFKA_CLUSTERS_0_SCHEMAREGISTRYSSL_KEYSTOREPASSWORD` | Password of the JKS keystore for SchemaRegistry | | `KAFKA_CLUSTERS_0_SCHEMAREGISTRYSHOWNULLVALUES` | Show null fields in Avro messages instead of omitting them. Default: false |