syun64 commented on issue #464: URL: https://github.com/apache/iceberg-python/issues/464#issuecomment-1960526232
My understanding is that when a backend client is talking to an API server, we should only support Client Credentials Flow or the direct use of access tokens. We are validating that PyIceberg Client application has the authorization to use the resource Server (Rest Catalog), instead of identifying who the user is (ID of the person behind the application). So it feels odd to me to introduce the usage of ID_TOKEN as a means of authorization. That's my opinion, but I'm curious to hear what others think on this topic! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org For additional commands, e-mail: issues-h...@iceberg.apache.org
