[I] [REST Catalog] Allow Creating AuthSession with JWT Token via Headers Instead of OAuth2 Flow [iceberg]

Sun, 06 Apr 2025 00:42:05 -0700 


osscm opened a new issue, #12735:
URL: https://github.com/apache/iceberg/issues/12735

   ### Feature Request / Improvement
   
   To integrate the REST Catalog into a user session flow, the current approach 
mandates using OAuth2 to generate a token via one of the following methods:
   
   1. Using an existing token
   2. Generating a new token
   3. Generating a token via the exchange flow
   
   In many cases, the first option—using an existing token—is sufficient, 
especially when Trino is already configured with OAuth2 or JWT-based 
authentication. However, the only way to currently pass a JWT token is by 
setting it in the `credentials map` and disabling the OAuth2 refresh token 
mechanism. This also requires setting `rest-catalog.security=OAuth2`, which 
doesn't look correct from the config perspective.
   
   A more flexible solution would be to allow passing custom headers—such as a 
JWT token—through the extraHeaders field in the SessionContext. This would 
enable authentication without relying solely on the credentialsMap or requiring 
the full OAuth2 flow.
   
   We are also making similar change on the Trino side, to allow the JWT auth 
flow for the rest-catalog as well, where the `token=jwtToken` key:value will be 
added to the `credentials map` and by default the oauth2 refresh token will be 
set to false.
   
   ### Query engine
   
   None
   
   ### Willingness to contribute
   
   - [ ] I can contribute this improvement/feature independently
   - [ ] I would be willing to contribute this improvement/feature with 
guidance from the Iceberg community
   - [ ] I cannot contribute this improvement/feature at this time


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org
For additional commands, e-mail: issues-h...@iceberg.apache.org

Reply via email to