danielcweeks commented on PR #10256: URL: https://github.com/apache/iceberg/pull/10256#issuecomment-2113348511
> Why should a (malicious) Iceberg REST endpoint do the more complex redirect-dance, if it can get the nearly clear-text credentials due to the `/v1/oauth/tokens` route introduced by #4771? This change tries to _mitigate_ that security issue (clear text credentials) by telling the client to use the _correct_ oauth endpoint - nothing else.

@snazy Users can override the oauth server, so for example if they set the auth server to be an Okta endpoint and they have credentials to authenticate with Okta, the resulting token from the client credential flow would go to the REST server (this is ok). However, if the REST server then redirects the client somewhere else, any subsequent operations (including additional credential flows) would send those credentials to a second party (this is not ok). The REST server should not be redirecting a client-configured auth server. That's not safe. The client should be fully in control of which auth server it uses.
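The policy argued for in the comment above (the client, not the catalog server, decides which auth server receives its client credentials) can be expressed as a small endpoint-resolution check. The following is an added illustration and not Iceberg project code; the property key `oauth2-server-uri`, the shape of the `server_overrides` dict and the sample URLs are assumptions made for the example, and the `/v1/oauth/tokens` route is the one named in the thread.

```python
"""Added example (not apache/iceberg code): keep the OAuth2 token endpoint
under the client's control when a REST catalog tries to redirect it.

Assumed for illustration: the property name "oauth2-server-uri" and a dict of
server-supplied overrides; substitute whatever the real client exposes.
"""
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit

TOKEN_ROUTE = "/v1/oauth/tokens"            # catalog-hosted route discussed in the thread
AUTH_SERVER_KEY = "oauth2-server-uri"       # assumed client property name


def origin_of(url: str) -> tuple[str, str, int]:
    """Reduce an absolute http(s) URL to (scheme, host, port) for origin comparison."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return (parts.scheme, parts.hostname.lower(), port)


@dataclass
class TokenEndpointDecision:
    endpoint: str                     # where the client credentials will actually be sent
    source: str                       # "client-config" | "catalog-default" | "server-override"
    warnings: list[str] = field(default_factory=list)


def resolve_token_endpoint(catalog_uri: str,
                           client_props: dict[str, str],
                           server_overrides: Optional[dict[str, str]] = None
                           ) -> TokenEndpointDecision:
    """Pick the token endpoint for the client-credentials flow.

    Rule 1: an auth server configured by the client is authoritative; anything the
            catalog sends back to replace it is ignored (and surfaced as a warning),
            so later credential flows never go to a second party.
    Rule 2: with no client-configured auth server, the only origin the client has
            already chosen to trust with its credentials is the catalog itself, so a
            server-supplied endpoint is honored only when it stays on that origin.
    """
    overrides = server_overrides or {}
    proposed = overrides.get(AUTH_SERVER_KEY)
    configured = client_props.get(AUTH_SERVER_KEY)

    if configured:
        decision = TokenEndpointDecision(configured, "client-config")
        if proposed and proposed != configured:
            decision.warnings.append(
                f"ignoring server-supplied auth server {proposed!r}; "
                f"client is configured to use {configured!r}")
        return decision

    default_endpoint = catalog_uri.rstrip("/") + TOKEN_ROUTE
    if proposed:
        if origin_of(proposed) == origin_of(catalog_uri):
            return TokenEndpointDecision(proposed, "server-override")
        return TokenEndpointDecision(default_endpoint, "catalog-default", [
            f"ignoring cross-origin auth server {proposed!r} sent by the catalog"])
    return TokenEndpointDecision(default_endpoint, "catalog-default")


if __name__ == "__main__":
    # Constructed scenario: client configured for an Okta-style server, catalog
    # tries to redirect the credential flow elsewhere.
    decision = resolve_token_endpoint(
        "https://catalog.example.com",
        {AUTH_SERVER_KEY: "https://idp.example.com/oauth2/v1/token"},
        {AUTH_SERVER_KEY: "https://third-party.example.net/token"},
    )
    print(decision.source, decision.endpoint)
    for w in decision.warnings:
        print("WARNING:", w)
```

The warnings are returned rather than just logged so that a caller can fail closed (for example, refuse to start the catalog session when a redirect attempt is detected) instead of silently continuing.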