Re: [PR] Support usage of Separate OIDC Authorization Server URI [iceberg]

via GitHub Tue, 06 Feb 2024 13:39:18 -0800


flyrain commented on code in PR #8976:
URL: https://github.com/apache/iceberg/pull/8976#discussion_r1480395309



##########
core/src/main/java/org/apache/iceberg/rest/auth/OAuth2Properties.java:
##########
@@ -27,6 +27,9 @@ private OAuth2Properties() {}
   /** A credential to exchange for a token in the OAuth2 client credentials 
flow. */
   public static final String CREDENTIAL = "credential";
 
+  /** Token endpoint URI to fetch token from if the Rest Catalog is not the 
authorization server. */

Review Comment:
   "Token endpoint URI" --> "OAuth Server URI"?



##########
aws/src/main/java/org/apache/iceberg/aws/s3/signer/S3V4RestSignerClient.java:
##########
@@ -111,6 +112,12 @@ public String credential() {
     return properties().get(OAuth2Properties.CREDENTIAL);
   }
 
+  /** Token endpoint URI to fetch token from if the Rest Catalog is not the 
authorization server. */

Review Comment:
   "Token endpoint URI" -> "OAuth Server URI" or just "Endpoint"?



##########
core/src/main/java/org/apache/iceberg/rest/auth/OAuth2Util.java:
##########
@@ -134,7 +134,8 @@ private static OAuthTokenResponse refreshToken(
       Map<String, String> headers,
       String subjectToken,
       String subjectTokenType,
-      String scope) {
+      String scope,
+      String oauth2ServerUri) {

Review Comment:
   that's fine, it isn't introduced by this PR anyway. We can refactor in a 
followup if needed.



##########
core/src/main/java/org/apache/iceberg/rest/auth/OAuth2Util.java:
##########
@@ -361,6 +392,23 @@ public static class AuthSession {
     private final String credential;
     private final String scope;
     private volatile boolean keepRefreshed = true;
+    private final String oauth2ServerUri;
+
+    public AuthSession(
+        Map<String, String> baseHeaders,
+        String token,
+        String tokenType,
+        String credential,
+        String scope,
+        String oauth2ServerUri) {
+      this.headers = RESTUtil.merge(baseHeaders, authHeaders(token));
+      this.token = token;
+      this.tokenType = tokenType;
+      this.expiresAtMillis = OAuth2Util.expiresAtMillis(token);
+      this.credential = credential;
+      this.scope = scope;
+      this.oauth2ServerUri = oauth2ServerUri;
+    }
 
     public AuthSession(

Review Comment:
   cc @nastra @danielcweeks 



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For additional commands, e-mail: issues-h...@iceberg.apache.org

Re: [PR] Support usage of Separate OIDC Authorization Server URI [iceberg]

Reply via email to