Description
Problem
AWS MSK is AWS's managed Kafka service. It offers an IAM access mode that restricts access based on IAM policies. They have a Serverless option, which only supports IAM access control.
You can authenticate this way by using the SASL_OAUTHBEARER mechanism as described here: https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html#configure-clients-for-iam-access-control
The underlying Signer library for Go generates an OAuth token from AWS credentials in the current AWS credential provider chain. The README shows an example using Sarama here: https://github.com/aws/aws-msk-iam-sasl-signer-go/tree/main
Persona:
Which persona is this feature for? Event producers and consumers
Exit Criteria
Users can specify configuration options for a Kafka Broker that will allow it to authenticate using SASL_OAUTHBEARER and a token provider that generates tokens from the user's default IAM credential provider chain.
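A sketch of the token-provider half of the exit criteria, as an added example that is not code from this issue or from the project: it caches the signer's short-lived token and refreshes it shortly before expiry, so the broker does not sign a new token on every connection. `TokenSource`, `CachingProvider` and `NewCachingProvider` are hypothetical names; the assumption is that `TokenSource` wraps the signer library's `GenerateAuthToken` call (token, expiry in Unix milliseconds, error) and that the result is handed to the Kafka client's OAUTHBEARER token callback.

```go
package main

import (
	"context"
	"fmt"
	"sync"
	"time"
)

// TokenSource has the signer call's return shape: token, expiry (Unix ms), error.
type TokenSource func(ctx context.Context) (string, int64, error)

// CachingProvider reuses a token until it is within skew of its expiry.
type CachingProvider struct {
	mu     sync.Mutex
	src    TokenSource
	skew   time.Duration
	now    func() time.Time // injectable clock
	token  string
	expiry time.Time
}

func NewCachingProvider(src TokenSource, skew time.Duration) *CachingProvider {
	return &CachingProvider{src: src, skew: skew, now: time.Now}
}

// Token returns a usable token, refreshing when none is cached or expiry is near.
func (p *CachingProvider) Token(ctx context.Context) (string, error) {
	p.mu.Lock()
	defer p.mu.Unlock()
	if p.token != "" && p.now().Add(p.skew).Before(p.expiry) {
		return p.token, nil
	}
	tok, expMs, err := p.src(ctx)
	if err != nil {
		return "", fmt.Errorf("generate token: %w", err)
	}
	if exp := time.UnixMilli(expMs); tok != "" && exp.After(p.now()) {
		p.token, p.expiry = tok, exp
		return tok, nil
	}
	return "", fmt.Errorf("signer returned an empty or already expired token")
}

func main() {
	fake := func(context.Context) (string, int64, error) { // constructed stand-in, no AWS call
		return "constructed-token", time.Now().Add(15 * time.Minute).UnixMilli(), nil
	}
	fmt.Println(NewCachingProvider(fake, time.Minute).Token(context.Background()))
}
```

A failed or empty refresh is returned as an error and never cached, so a missing credential chain surfaces at connect time instead of as a stale token.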