Skip to content

PubSub Pulsar: Allow for OIDC clientSecret to be rotated when token is refreshed #4102

New issue
New issue
Open
Open
PubSub Pulsar: Allow for OIDC clientSecret to be rotated when token is refreshed#4102
Assignees
nelson-parente
Labels
kind/enhancementNew feature or request
Milestone
v1.17
@alicejgibbons

Description

@alicejgibbons
alicejgibbons
opened on Nov 27, 2025

Describe the feature

Security policy requires rotating the Pulsar OAuth2 client secret (not just the token) via a file path. The current Pulsar Go client loads this file only once at startup, breaking authentication on subsequent token refreshes. The Pulsar team will add a fix to re-read the secret file on every token refresh operation. The Dapr Pulsar component then just needs to support passing a file path for the privateKey (clientSecret) metadata so that this file can be re-read on token refresh events and then re-generated.

Currently clientSecret only supports a value but by allowing this to read from a filePath then the privateKey can be rotated and then the token subsequently regenerated.

Release Note

RELEASE NOTE: ADD

Metadata

Metadata

Assignees

Labels

kind/enhancementNew feature or request

Type

No type

Projects

v1.17 Release Tracking Board

Status

Backlog

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions