snazy commented on code in PR #10603:
URL: https://github.com/apache/iceberg/pull/10603#discussion_r1672615346
##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -134,9 +134,22 @@ paths:
post:
tags:
- OAuth2 API
- summary: Get a token using an OAuth2 flow
+ summary: Get a token using an OAuth2 flow (DEPRECATED for REMOVAL)
+ deprecated: true
operationId: getToken
description:
+ The `oauth/tokens` endpoint is **DEPRECATED for REMOVAL**. It is _not_
recommended to
+ implement this endpoint, unless you are fully aware of the potential
security implications.
+
+ All clients are encouraged to explicitly set the configuration
property `oauth2-server-uri`
+ to the correct OAuth endpoint.
+
+ Deprecated since Iceberg (Java) 1.6.0. The endpoint and related types
will be removed from
+ this spec in Iceberg (Java) 1.7.0.
Review Comment:
It's to let (new) adopters run into the trap of "blindly" implementing it
and accidentally run into security issues
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For additional commands, e-mail: issues-h...@iceberg.apache.org
