Added doc to use oauth for pulsar scaler

[mingmcb]

Added doc to use oauth for pulsar scaler

Checklist

• Commits are signed with Developer Certificate of Origin (DCO)

Related to kedacore/keda#4709

[netlify]

✅ Deploy Preview for keda ready!

Name	Link
🔨 Latest commit	16a7f97
🔍 Latest deploy log	https://app.netlify.com/sites/keda/deploys/650473031883f30008855c5b
😎 Deploy Preview	https://deploy-preview-1161--keda.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[github-actions]

Thank you for your contribution! 🙏 We will review your PR as soon as possible.

While you are waiting, make sure to:

• Add your contribution to all applicable KEDA versions
• GitHub checks are passing
• Is the DCO check failing? Here is how you can fix DCO issues

Learn more about:

• How to become a listed end-user or a listed commerical offering
• Our contribution guide

[zroubalik]

I think we should move this to TriggerAuthentication. We tend to not put credentials related stuff into trigger config.

@tomkerkhove @JorTurFer WDYT

[zroubalik]

You can check Kafka scaler: https://keda.sh/docs/2.10/scalers/apache-kafka/#authentication-parameters

[JorTurFer]

I don't think that clientID and oauthTokenURI are secrets, I mean, AFAIK, only the clientSecret is a sensitive data, clientId usually is part of the query string

[JorTurFer]

but we can move it into TriggerAuthentication as it's related with the credentials, but they aren't sensitive data

[zroubalik]

yeah, this is what I mean. It logically belongs there imho. Kafka is done this way also.

[mingmcb]

The clientID is already part of TirggerAuthentication. see the code example: https://github.com/kedacore/keda-docs/pull/1161/files#diff-36e3935f303a0a808c6ee2bc08e18d62f54d555079a822c101882f3aec0198a6R268-R280

The idea is to have the additional clientID in the metadata is mainly for ease of use. with OAuth RFC8705, it is possible to request the access token without the secret. In this case, developer can just have everything in the metadata without secret. see example for this case: https://github.com/kedacore/keda-docs/pull/1161/files#diff-36e3935f303a0a808c6ee2bc08e18d62f54d555079a822c101882f3aec0198a6R308-R328

[zroubalik]

Okay make sense. Could you please then add also the scopes and oauthTokenURI to TriggerAuth as well? The same way clientID is done.

[zroubalik]

if client_credentials is the only supported type, then we can make it a default one, right? And we don't have make it configurable and add a property for it in here, am I correct in my assumption? If we add another type in the future, we can expose this config then.

[mingmcb]

yes, I can make it as default if works better.

[zroubalik]

yeah and remove the property from the config pls

[zroubalik]

scope should be a comma separated list, not space separated list. To be consistent with the rest of the config (eg. authModes). I missed that when I did the previous review.

@mingmcb could you please fix that?

[zroubalik]

please move this to content/docs/2.12

[zroubalik]

LGTM