From 21211f3535ad50c8d4d1e3503320854053c0d12c Mon Sep 17 00:00:00 2001 From: gulecroc Date: Tue, 4 Nov 2025 13:24:16 +0000 Subject: [PATCH 1/2] oauth2 authentication truststore and timeouts --- docs/security-oauth2.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/security-oauth2.md b/docs/security-oauth2.md index 725c83cc1df3..08b9f2773fa8 100644 --- a/docs/security-oauth2.md +++ b/docs/security-oauth2.md @@ -236,6 +236,9 @@ The following table outlines the parameters of the `client_credentials` authenti | `privateKey` | The URL to the JSON credentials file. | Support the following pattern formats:
  • `file:///path/to/file`
  • `file:/path/to/file`
  • `data:application/json;base64,`
    • | Required | | `audience` | The OAuth 2.0 "resource server" identifier for a Pulsar cluster. | `https://broker.example.com` | Optional | | `scope` | The scope of an access request.
    For more information, see [access token scope](https://datatracker.ietf.org/doc/html/rfc6749#section-3.3). | api://pulsar-cluster-1/.default | Optional | +| `connectTimeout` | The connection timeout in milliseconds. Default value: 10s. Only implemented in java client. | 10000 | Optional | +| `readTimeout` | The read timeout in milliseconds. Only implemented in java client. Default value: 30s. | 30000 | Optional | +| `trustCertsFilePath` | The path to the file containing the trusted certificate(s) of the token issuer. If not set, uses the default trust store of the JVM. Only implemented in java client. | /path/to/file | Optional | The credentials file `credentials_file.json` contains the service account credentials used with the client authentication type. The following is an example of the credentials file. The authentication type is set to `client_credentials` by default. And the fields "client_id" and "client_secret" are required. From d0a1dc26ec07af92f414da008c49b4c38a699fb2 Mon Sep 17 00:00:00 2001 From: gulecroc Date: Mon, 10 Nov 2025 22:01:48 +0000 Subject: [PATCH 2/2] update timeouts format --- docs/security-oauth2.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/security-oauth2.md b/docs/security-oauth2.md index 08b9f2773fa8..d438ab2d092e 100644 --- a/docs/security-oauth2.md +++ b/docs/security-oauth2.md @@ -236,8 +236,8 @@ The following table outlines the parameters of the `client_credentials` authenti | `privateKey` | The URL to the JSON credentials file. | Support the following pattern formats:
  • `file:///path/to/file`
  • `file:/path/to/file`
  • `data:application/json;base64,`
    • | Required | | `audience` | The OAuth 2.0 "resource server" identifier for a Pulsar cluster. | `https://broker.example.com` | Optional | | `scope` | The scope of an access request.
    For more information, see [access token scope](https://datatracker.ietf.org/doc/html/rfc6749#section-3.3). | api://pulsar-cluster-1/.default | Optional | -| `connectTimeout` | The connection timeout in milliseconds. Default value: 10s. Only implemented in java client. | 10000 | Optional | -| `readTimeout` | The read timeout in milliseconds. Only implemented in java client. Default value: 30s. | 30000 | Optional | +| `connectTimeout` | The HTTP connection timeout with [java.time.Duration](https://docs.oracle.com/en/java/javase/21/docs/api/java.base/java/time/Duration.html#parse(java.lang.CharSequence)) format. Default value: `PT10S`. Only implemented in java client. | PT10S | Optional | +| `readTimeout` | The HTTP read timeout with [java.time.Duration](https://docs.oracle.com/en/java/javase/21/docs/api/java.base/java/time/Duration.html#parse(java.lang.CharSequence)) format. Default value: `PT30S`. Only implemented in java client. | PT30S | Optional | | `trustCertsFilePath` | The path to the file containing the trusted certificate(s) of the token issuer. If not set, uses the default trust store of the JVM. Only implemented in java client. | /path/to/file | Optional | The credentials file `credentials_file.json` contains the service account credentials used with the client authentication type. The following is an example of the credentials file. The authentication type is set to `client_credentials` by default. And the fields "client_id" and "client_secret" are required.