twmb
diff --git a/‎pkg/sasl/oauth/oauth.go
Lines changed: 3 additions & 0 deletions b/‎pkg/sasl/oauth/oauth.go
Lines changed: 3 additions & 0 deletions
diff --git a/‎pkg/sasl/plain/plain.go
Lines changed: 4 additions & 0 deletions b/‎pkg/sasl/plain/plain.go
Lines changed: 4 additions & 0 deletions
diff --git a/‎pkg/sasl/sasl.go
Lines changed: 2 additions & 2 deletions b/‎pkg/sasl/sasl.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎pkg/sasl/scram/scram.go
Lines changed: 3 additions & 0 deletions b/‎pkg/sasl/scram/scram.go
Lines changed: 3 additions & 0 deletions
@@ -52,6 +52,9 @@ func (fn oauth) Authenticate(ctx context.Context, _ string) (sasl.Session, []byt
 	if err != nil {
 		return nil, nil, err
 	}
+	if auth.Token == "" {
+		return nil, nil, errors.New("OAUTHBEARER token must be non-empty")
+	}
 
 	// We sort extensions for consistency, but it is not required.
 	type kv struct {
 
@@ -3,6 +3,7 @@ package plain
 
 import (
 	"context"
+	"errors"
 
 	"github.com/twmb/franz-go/pkg/sasl"
 )
@@ -46,6 +47,9 @@ func (fn plain) Authenticate(ctx context.Context, _ string) (sasl.Session, []byt
 	if err != nil {
 		return nil, nil, err
 	}
+	if auth.User == "" || auth.Pass == "" {
+		return nil, nil, errors.New("PLAIN user and pass must be non-empty")
+	}
 	return session{}, []byte(auth.Zid + "\x00" + auth.User + "\x00" + auth.Pass), nil
 }
 
 
@@ -1,4 +1,4 @@
-// Package sasl specifies interfaces that any sasl authentication must provide
+// Package sasl specifies interfaces that any SASL authentication must provide
 // to interop with Kafka SASL.
 package sasl
 
@@ -32,7 +32,7 @@ type Mechanism interface {
 	Authenticate(ctx context.Context, host string) (Session, []byte, error)
 }
 
-// ClosingMechanism is an optional interface for sasl mechanism's. Implementing
+// ClosingMechanism is an optional interface for SASL mechanisms. Implementing
 // this interface signals that the mechanism should be closed if it will never
 // be used again.
 type ClosingMechanism interface {
 
@@ -105,6 +105,9 @@ func (s scram) Authenticate(ctx context.Context, _ string) (sasl.Session, []byte
 	if err != nil {
 		return nil, nil, err
 	}
+	if auth.User == "" || auth.Pass == "" {
+		return nil, nil, errors.New(s.name + " user and pass must be non-empty")
+	}
 	if len(auth.Nonce) == 0 {
 		buf := make([]byte, 20)
 		if _, err = rand.Read(buf); err != nil {
Original file line number	Diff line number	Diff line change
`@@ -52,6 +52,9 @@ func (fn oauth) Authenticate(ctx context.Context, _ string) (sasl.Session, []byt`
`52`	`52`	`if err != nil {`
`53`	`53`	`return nil, nil, err`
`54`	`54`	`}`
	`55`	`+ if auth.Token == "" {`
	`56`	`+ return nil, nil, errors.New("OAUTHBEARER token must be non-empty")`
	`57`	`+ }`
`55`	`58`
`56`	`59`	`// We sort extensions for consistency, but it is not required.`
`57`	`60`	`type kv struct {`
Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@ package plain`
`3`	`3`
`4`	`4`	`import (`
`5`	`5`	`"context"`
	`6`	`+ "errors"`
`6`	`7`
`7`	`8`	`"github.com/twmb/franz-go/pkg/sasl"`
`8`	`9`	`)`
`@@ -46,6 +47,9 @@ func (fn plain) Authenticate(ctx context.Context, _ string) (sasl.Session, []byt`
`46`	`47`	`if err != nil {`
`47`	`48`	`return nil, nil, err`
`48`	`49`	`}`
	`50`	`+ if auth.User == "" \|\| auth.Pass == "" {`
	`51`	`+ return nil, nil, errors.New("PLAIN user and pass must be non-empty")`
	`52`	`+ }`
`49`	`53`	`return session{}, []byte(auth.Zid + "\x00" + auth.User + "\x00" + auth.Pass), nil`
`50`	`54`	`}`
`51`	`55`