adutra commented on code in PR #12612: URL: https://github.com/apache/iceberg/pull/12612#discussion_r2012840947
########## aws/src/main/java/org/apache/iceberg/aws/AwsClientProperties.java: ########## @@ -199,7 +199,9 @@ public AwsCredentialsProvider credentialsProvider( String accessKeyId, String secretAccessKey, String sessionToken) { if (refreshCredentialsEnabled && !Strings.isNullOrEmpty(refreshCredentialsEndpoint)) { clientCredentialsProviderProperties.put( - VendedCredentialsProvider.URI, refreshCredentialsEndpoint); + VendedCredentialsProvider.CREDENTIALS_ENDPOINT, refreshCredentialsEndpoint); + clientCredentialsProviderProperties.put( + VendedCredentialsProvider.URI, allProperties.get(CatalogProperties.URI)); Optional.ofNullable(allProperties.get(OAuth2Properties.TOKEN))

Review Comment:

Tangential question: here we are transferring the `TOKEN` property from `allProperties` to `clientCredentialsProviderProperties`. But what about the other auth properties? I'm especially concerned about `OAuth2Properties.OAUTH2_SERVER_URI`. If that property is not retained, and the token endpoint is not the default one, the credentials provider won't be able to fetch a token successfully. The same could be said of properties like `SCOPE`, `RESOURCE` or `AUDIENCE`. Why aren't we transferring those as well?

The only way currently to pass an auth server URL to the provider would be to "wrap" it in a property like `client.credentials-provider.oauth2-server-uri=http://auth-server.com/tokens`. Is that the recommended approach?
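
Review bot: The added `clientCredentialsProviderProperties.put(VendedCredentialsProvider.URI, allProperties.get(CatalogProperties.URI))` stores the lookup result without a null check, while the `OAuth2Properties.TOKEN` lookup on the following line is wrapped in `Optional.ofNullable`. If `CatalogProperties.URI` is absent from `allProperties`, the provider properties either receive a null value or the put fails, depending on the map type, which is not visible in this hunk. Consider guarding the catalog URI the same way as the token. Since `VendedCredentialsProvider.URI` now carries the catalog URI instead of the refresh endpoint, a short comment or javadoc on the two keys would also help anyone who set the old key directly.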