adutra commented on PR #10314: URL: https://github.com/apache/iceberg/pull/10314#issuecomment-2206868094
> I believe that the intent includes that a client credential exchange could return any of the enumerated token types defined in [section 3](https://www.rfc-editor.org/rfc/rfc8693.html#name-token-type-identifiers) and applies. RFC 8693 _builds_ on top of RFC 6749, but does not modify any of its structs. And how could it be otherwise? An RFC cannot modify another one's structs without officially superseding it. Imho it is wrong to read section 2.2.1 of RFC 8693 as a general rewrite of RFC 6749 section 5.1, valid for all grants. The correct reading is: section 2.2.1 expands section 5.1 by adding extra context, _in the scope of a token exchange grant only_. And anyways, that's how all public OAuth 2.0 servers interpret it: none of them include the field `issued_token_type` in a `client_credentials` grant response, _even if they support RFC 8693_. TLDR is: if you want Iceberg REST to be interoperable with any public OAuth 2.0 server, this PR needs to be in. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org For additional commands, e-mail: issues-h...@iceberg.apache.org
