varpa89 commented on issue #12363: URL: https://github.com/apache/iceberg/issues/12363#issuecomment-2677799842
There is also a potential issue with DDoS of the IdP from the RestSessionCatalog. When I was debugging refresh token behaviour, I found a strange situation. We don't use sessions (`"iceberg.rest-catalog.session" = 'NONE'`), but when we provide credentials (`"iceberg.rest-catalog.oauth2.credential" = 'admin:password'`) we still create a session for each request. But the key for the session in the cache is a random UUID. So we put a new session for each request and then, in the background, try to refresh a token with retries.
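The effect described in the comment above can be reproduced with a small simulation. This is an added example, not Iceberg code and not from the commenter: `CountingIdP`, `SessionCache`, `random_key`, `stable_key` and `simulate` are hypothetical names, the credential-derived key is only one assumed alternative shown for comparison, and retries on failed refreshes are not modelled.

```python
import hashlib
import uuid

class CountingIdP:
    """Stand-in for the OAuth2 token endpoint; counts the requests it receives."""
    def __init__(self):
        self.token_requests = 0

    def fetch_token(self, credential):
        self.token_requests += 1
        return f"token-{self.token_requests}"

class SessionCache:
    """Toy session cache: every cached session holds a token that is refreshed in the background."""
    def __init__(self, idp, key_fn):
        self.idp = idp
        self.key_fn = key_fn
        self.sessions = {}

    def session_for(self, credential):
        key = self.key_fn(credential)
        if key not in self.sessions:  # cache miss: a new session costs one token request
            token = self.idp.fetch_token(credential)
            self.sessions[key] = {"credential": credential, "token": token}
        return self.sessions[key]

    def refresh_all(self):
        # One background refresh cycle: each cached session calls the IdP once.
        for session in self.sessions.values():
            session["token"] = self.idp.fetch_token(session["credential"])

def random_key(credential):
    # Behaviour described in the comment: a fresh UUID per lookup, so the cache never hits.
    return str(uuid.uuid4())

def stable_key(credential):
    # Assumed alternative: the key is derived from the credential, so lookups share one session.
    return hashlib.sha256(credential.encode()).hexdigest()

def simulate(key_fn, requests=100, refresh_cycles=3, credential="admin:password"):
    """Return (cached sessions, total token requests seen by the IdP)."""
    idp = CountingIdP()
    cache = SessionCache(idp, key_fn)
    for _ in range(requests):
        cache.session_for(credential)
    for _ in range(refresh_cycles):
        cache.refresh_all()
    return len(cache.sessions), idp.token_requests

if __name__ == "__main__":
    print("random UUID key:", simulate(random_key))
    print("stable key:     ", simulate(stable_key))
```

With random keys, the load on the IdP grows with the number of catalog requests multiplied by the number of refresh cycles, while a stable key keeps it proportional to the refresh cycles alone.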