Why does AuthenticationFactoryOAuth2.ClientCredentials require credentials saved in file?

[martinek-stepan]

What is the point of having authentication method loading credential from file? It seems as such anti-pattern.
Is there any way to provide the JSON dynamically instead? (Whenever I load it from file or compose it from environmental variables)

[Lanayx]

Hi! This is not something it was invented here, but just ported from the official java library. Once java implementation changes it will open a possibility to change the behavior of this library as well.
That being said - you can always plugin any custom authentication logic by implementing abstract Authentication class

[martinek-stepan]

@Lanayx Would it be possible to get example how to create such logic in C#?

I have tried to adapt token retrieval with following classes:

class PulsarClientAuthentication : Authentication
{
    private static readonly ConcurrentDictionary<string, AuthenticationResult> TokenCache = new();
    private PulsarClientConfiguration configuration;

    public PulsarClientAuthentication(PulsarClientConfiguration configuration)
    {
        this.configuration = configuration;
    }

    public override string GetAuthMethodName() => "OAuth2";
    
    public override AuthenticationDataProvider GetAuthData()
    {
        if (TokenCache.TryGetValue(configuration.ClientId, out var authResult) &&
            authResult.ExpiresOn > DateTimeOffset.Now) return new TokenProvider(authResult.AccessToken);
                
        TokenCache.TryRemove(configuration.ClientId, out _);
        var pca = ConfidentialClientApplicationBuilder.Create(configuration.ClientId)
            .WithClientSecret(configuration.ClientSecret)
            .WithTenantId(configuration.Tenant)
            .Build();

        var scopes = new List<string> {configuration.pulsarScope };
        var result = pca.AcquireTokenForClient(scopes).ExecuteAsync().ConfigureAwait(false).GetAwaiter().GetResult();
        TokenCache.TryAdd(configuration.ClientId, result);
        authResult = result;

        return new TokenProvider(authResult.AccessToken);
    }
}

class  TokenProvider : AuthenticationDataProvider
{
    private string token;

    public TokenProvider(string token)
    {
        this.token = token;
    }

    public override bool HasDataFromCommand() => true;

    public override string GetCommandData() => token;
}

And when I try manually I am able to get valid token from both of them (see below), but when I try to use custom Authenticator, creating provider fails with Exception Pulsar.Client.Api.ConnectException: Unable to initiate connection.
While the original one works, so it must be something with my implementation.

var authNative = AuthenticationFactoryOAuth2.ClientCredentials(issuerUrl, audience, privateKeyFileUri, scope);
var authNative = new PulsarClientAuthentication(configuration);
var a = authMine.GetAuthData()/*.GetCommandData()*/;
var b = authMine.GetAuthData()/*.GetCommandData()*/;

[Lanayx]

Sorry, I won't debug your code, but this is how I would do it

1. Extract authentication classes from library to custom namespace as is, make sure it works
2. Change file usage to memory, make sure it still works
3. Rewrite the code to C# gradually - move classes one by one, checking everything works on each step