flyrain commented on issue #464: URL: https://github.com/apache/iceberg-python/issues/464#issuecomment-1979866702
Yeah, it is normally an anti-pattern to use id-token for resource servers. For example, the id token will carry all audiences that the client has, which could be misused, e.g., a client has audiences `[rest-catalog, resource service B]`, while access token can limit the audience by specifying it in the request, so that an access token will only have the audience `rest-catalog`. However, the risk of id token may be well controlled depending on the special use cases in certain orgs. Given that is an anti-pattern corner case, we can close this now. We may figure it out with different solutions. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org For additional commands, e-mail: issues-h...@iceberg.apache.org
