Kafka OAuth2 Account
Overview
You can use this account type to connect Kafka Snaps with data sources that use the Kafka OAuth2 account.
Prerequisites
A registered OAuth application in the Confluent portal with appropriate permissions:
- Client ID
- Client secret
- OAuth2 token endpoint
- Scope
Account settings
Legend:
- Expression icon (
): Allows using JavaScript
syntax to access SnapLogic Expressions to set field values dynamically (if enabled). If
disabled, you can provide a static value. Learn more. - SnapGPT (
): Generates SnapLogic Expressions
based on natural language using SnapGPT. Learn
more. - Suggestion icon (
): Populates a
list of values dynamically based on your Snap configuration.
You can select only one attribute at a time using the icon.
Type into the field if it supports a comma-separated list of values. - Upload
: Uploads files. Learn more.
| Field / Field set | Type | Description |
|---|---|---|
| Label | String | Required. Specify a unique label for the account. Default: Kafka OAuth2 Account Example: Kafka OAuth2 Account |
| Bootstrap servers | Use this field to specify the initial list of Kafka broker addresses for a Kafka client to connect to during its initial bootstrap process. | |
| Bootstrap server | String/Expression | Specify the host:port pairs to establish the initial connection
to the Kafka cluster. Default value: N/A Example: localhost:9092 |
| Schema registry URL | String/Expression |
Specify the schema registry server URL.
Default value: N/A Example: http://ec2-55-334-44-58.compute-1.amazonaws.com:8000 |
| Advanced Kafka properties | Use this field set to
specify any additional Kafka properties for connecting to the Kafka
server that are not specifically provided in the Confluent Kafka
Snaps. Note: To connect to a Confluent Cloud Kafka cluster instance
using OAuth/OIDC credentials, you must define SASL extension
properties for the pool ID of the Identity Pool and ID of the
Kafka cluster. Each extension property must be in lowercase and
begin with
extension_.  |
|
| Key | String/Expression |
Specify the key for any Kafka parameters that are not specifically supported by the Snaps.
Default value: N/A Example: max.message.size |
| Value | String/Expression |
Specify the value for the corresponding key that is not specifically supported by the Snaps.
Default value: N/A Example: 5 MB |
| Security protocol | String/Expression/ Suggestion | Select the security protocol from the dropdown list. The
available options are:
Default value: SASL_PLAINTEXT Example: SASL_SSL |
| Client ID | String |
Required. Specify the client ID created
during the application registration process. This ID enables the
application to log in to an identity provisioning program, such as
Azure Active Directory. The application ID, also known as the client
ID, uniquely identifies your application. Learn more about Application Configuration in Azure Portal for OAuth2 Account to use in OneDrive Default value: N/A Example: 8231b8a-jbc8-128-73ce-d021j2b279c8 |
| Client secret | String |
Required. Specify the client secret, which
your application uses to securely acquire the tokens. The client
secret can be created by following the steps of the application
provider. Learn more about Application Configuration in Azure Portal for OAuth2 Account to use in OneDrives Default value: N/A Example: Value is encrypted |
| Scope | String/Expression | Specify the scope to provide a way to manage permissions to
protected resources, such as your web API. Learn more about how to set up OAuth2 credentials in the Azure portal. Default value: N/A Example: api://e0af525c-c373-44bc-ac99-5f5a-2782268d/default |
| OAuth2 token endpoint | String/Expression |
Required.
Specify the token endpoint to get the access token.
Default value: N/A Example: https://login.microsoftonline.com/2060acfg-89d9-423d-9514-eac46338ec05/oauth2/v2.0/token |
| Keystore filepath | String/Expression |
Appears when the Security protocol is SASL_SSL.
Specify the keystore file location of the client.
Default value: N/A Example: server.keystore.jks |
| Keystore file password | String/Expression |
Appears when the Security protocol is SASL_SSL.
Specify the keystore password to access the keystore file of the client.
Default value: N/A Example: KsP@ssw0rd123! |
| SSL key password | String/Expression |
Appears when the Security protocol is SASL_SSL.
Specify the SSL key password.
Default value: N/A Example: SslK3yP@ssw0rd! |
| Truststore filepath | String/Expression |
Appears when the Security protocol is SASL_SSL.
Specify the truststore file location of the client.
Default value: N/A Example: server.truststore.jks |
| Truststore password | String/Expression |
Appears when the Security protocol is SASL_SSL.
Specify the password to access the truststore file, if used.
Default value: N/A Example: Value is encrypted |
| Schema registry authentication | Appears when you specify the Schema Registry URL. Use this field set to configure the schema registry details for authentication. | |
| Registry cluster ID | String/Expression |
Required.
The Registry cluster ID uniquely identifies a Schema Registry instance. Specify the Cluster ID of the Schema Registry. The cluster ID begins with lsrc- (Logical Schema Registry Cluster).
Default value: N/A Example: lsrc-Dfc93Xc9TzK5ZC6X0k7 |
| Identity pool ID | String/Expression | A group of identities that are allowed to authenticate and
interact with the Schema Registry. Specify the ID of the Identity
Pool with permissions (read/write/delete schema) to access the
Schema Registry. Note: If this field is left blank, the account looks for an
Identity Pool ID defined as a SASL extension property in the
Advanced Properties. If it finds one, it uses that as the
identity pool.
Default value: N/A Example: pool-b6Yd |
| Client ID | String/Expression | The Client ID obtained from the OAuth/OIDC identity provider
(used for authenticating to the Schema Registry). Default value: N/A Example: LKC1234567890 |
| Client secret | String/Expression |
The Client secret obtained from the client credentials grant from the OAuth/OIDC identity provider (used for authenticating to the Schema Registry). This value is encrypted.
Default value: N/A Example: abcdEfghIjklMnopQrStUvwxYz1234567890+/= |
| Scope | String/Expression |
Specify the Access token scope used to obtain a client credentials grant from an OAuth/OIDC identity provider.
Default value: N/A Example: api://trigger-task/.default |
| OAuth2 token endpoint | String/Expression |
Specify the OAuth2 token endpoint to which you need to connect.
Default value: N/A Example: http://keycloak:8080/realms/cp/protocol/openid-connect/token |
Troubleshooting
Failed to validate account
Invalid credentials for Schema Registry or connection failure.
Provide a valid registry URL.
Failed to retrieve OAuth token for Schema Registry
This occurs when fetching an OAuth token for the Schema Registry.
Ensure that the Schema Registry is running and reachable by the Snaplex.
Client ID or secret is not defined
Invalid client credentials for Schema Registry.
Specify values for Schema Registry client credentials.