varpa89 commented on issue #12363: URL: https://github.com/apache/iceberg/issues/12363#issuecomment-2677747621
We're experiencing similar problems with token refresh (Iceberg Rest Catalog with Trino and Spark) and Keycloak. And there is one interesting observation: In one of the cases when background token refresh is happening there is a flow when RestSessionCatalog uses basic authorization (not bearer) and Keycloak is able to authenticate such request. But unfortunately it fails because Keycloak can't validate an actor_token https://github.com/apache/iceberg/blob/main/core/src/main/java/org/apache/iceberg/rest/auth/OAuth2Util.java#L605 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org For additional commands, e-mail: issues-h...@iceberg.apache.org
