adutra commented on code in PR #10256: URL: https://github.com/apache/iceberg/pull/10256#discussion_r1590646919
########## core/src/main/java/org/apache/iceberg/rest/RESTSessionCatalog.java: ########## @@ -215,6 +215,12 @@ public void initialize(String name, Map<String, String> unresolved) { this.paths = ResourcePaths.forCatalogProperties(mergedProps); String token = mergedProps.get(OAuth2Properties.TOKEN); + // re-resolve these variables in case they were overridden by the config endpoint + credential = mergedProps.get(OAuth2Properties.CREDENTIAL); + scope = mergedProps.getOrDefault(OAuth2Properties.SCOPE, OAuth2Properties.CATALOG_SCOPE); + oauth2ServerUri = + mergedProps.getOrDefault(OAuth2Properties.OAUTH2_SERVER_URI, ResourcePaths.tokens()); Review Comment: Hi @flyrain thank you so much for reviewing! Regarding the risk of config name clashes, most properties have a prefix such as `s3.`, `adls.`, `http-client.`, `ecs.`, etc. This prefix makes name clashes rather unlikely, while also clearly indicating the "scope" the property belongs to. Unfortunately, none of the properties in `OAuth2Properties` have such a prefix, which makes them rather prone to misinterpretation indeed. This is imho a bit out of the scope if this PR, but I agree with you that we could probably do something about it, e.g. introduce a prefix `auth.` that the client would then automatically "map" to properties in `OAuth2Properties`. But we'd still need to support "unprefixed" properties for a long time I'm afraid. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org For additional commands, e-mail: issues-h...@iceberg.apache.org