danielcweeks commented on PR #10256:
URL: https://github.com/apache/iceberg/pull/10256#issuecomment-2113348511

   > Why should a (malicious) Iceberg REST endpoint do the more complex redirect-dance, if it can get the nearly clear-text credentials due to the `/v1/oauth/tokens` route introduced by #4771? This change tries to _mitigate_ that security issue (clear text credentials) by telling the client to use the _correct_ oauth endpoint - nothing else.
   
   @snazy Users can override the oauth server, so for example if they set the auth server to be an Okta endpoint and they have credentials to authenticate with Okta, the resulting token from the client credential flow would go to the REST server (this is ok). However, if the REST server then redirects the client somewhere else, any subsequent operations (including additional credential flows) would send those credentials to a second party (this is not ok).
   
   The REST server should not be redirecting a client-configured auth server. That's not safe. The client should be fully in control of which auth server it uses.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
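
An added example, not part of the comment above or of Iceberg's code: one way a client could enforce the rule argued in the comment, pinning the token endpoint to what the user configured and refusing a catalog-supplied replacement. The property name `auth-server-uri`, the function names, the example hosts, and appending `/v1/oauth/tokens` to the catalog URI as the fallback are assumptions made for illustration.

```python
from urllib.parse import urlsplit

AUTH_KEY = "auth-server-uri"  # hypothetical property name, not taken from the PR


class AuthServerRedirect(Exception):
    """Catalog-supplied config tried to change the token endpoint."""


def _endpoint_id(url):
    """Normalize a URL to (scheme, host, port, path) so equal endpoints compare equal."""
    u = urlsplit(url)
    if u.scheme != "https" or not u.hostname:
        raise ValueError(f"token endpoint must be an absolute https URL: {url!r}")
    return (u.scheme, u.hostname.lower(), u.port or 443, u.path.rstrip("/"))


def resolve_token_endpoint(catalog_uri, client_props, server_overrides):
    """Return the only URL that client credentials may be POSTed to.

    client_props is what the user configured locally; server_overrides is
    config returned by the catalog and is treated as untrusted for this key.
    """
    # The client's choice wins; otherwise fall back to the catalog's own token route.
    pinned = client_props.get(AUTH_KEY) or catalog_uri.rstrip("/") + "/v1/oauth/tokens"
    offered = server_overrides.get(AUTH_KEY)
    if offered is not None and _endpoint_id(offered) != _endpoint_id(pinned):
        raise AuthServerRedirect(
            f"catalog tried to move token endpoint from {pinned} to {offered}")
    return pinned


def may_send_credentials(target_url, pinned):
    """Guard for later credential flows (e.g. token refresh): pinned endpoint only."""
    try:
        return _endpoint_id(target_url) == _endpoint_id(pinned)
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample values, not real endpoints.
    client = {AUTH_KEY: "https://idp.example.com/oauth2/v1/token"}
    other = {AUTH_KEY: "https://collector.example.net/token"}
    print(resolve_token_endpoint("https://catalog.example.com/api", client, {}))
    try:
        resolve_token_endpoint("https://catalog.example.com/api", client, other)
    except AuthServerRedirect as e:
        print("refused:", e)
```
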

