1raghavmahajan opened a new issue, #13732: URL: https://github.com/apache/iceberg/issues/13732
### Apache Iceberg version 1.9.2 (latest release) ### Query engine None ### Please describe the bug 🐞 ### Summary When configuring the Iceberg REST client to use a custom OAuth2 endpoint via the `oauth2-server-uri` property, users may still receive the following warning: ``` 25/08/04 16:46:21 WARN OAuth2Manager: Iceberg REST client is missing the OAuth2 server URI configuration and defaults to <catalog-uri>/v1/oauth/tokens. This automatic fallback will be removed in a future Iceberg release.It is recommended to configure the OAuth2 endpoint using the 'oauth2-server-uri' property to be prepared. This warning will disappear if the OAuth2 endpoint is explicitly configured. See https://github.com/apache/iceberg/issues/10537 ``` However, this warning can persist even when a valid `oauth2-server-uri` has been set. The underlying cause is the check in `OAuth2Manager` that determines whether: 1. The `oauth2-server-uri` property is set, and 2. The configured OAuth2 endpoint has the catalog URI as its prefix or is a relative path URI. Ref: [OAuth2Manager.java#L297-L299](https://github.com/apache/iceberg/blob/c23b341ea4398c2513fe2495a44fc6f23e4d72ef/core/src/main/java/org/apache/iceberg/rest/auth/OAuth2Manager.java#L297-L299) Since we want to remove the default tokens endpoint (`/v1/oauth/tokens`) as part of [#10537](https://github.com/apache/iceberg/issues/10537), the intention behind the warning is presumably to alert users who rely on the catalog’s built-in tokens endpoint. However, the current check incorrectly flags scenarios in which users have explicitly configured the OAuth2 server URI on a path that resembles the catalog endpoint. ### Proposed Fix - Allow users to set `oauth2-server-uri` to any desired URL. - Eliminate the assumption that if a custom OAuth2 endpoint is under the same domain or path prefix as the catalog endpoint, it must be using `<catalog-uri>/v1/oauth/tokens`. - Only trigger the warning if `oauth2-server-uri` is truly unset or if it is a relative path (`/v1/oauth/tokens`). This change reflects the principle that the client should not attempt to override user intentions regarding where the OAuth2 server resides when it is explicitly set. It does not interfere with the plan to remove the endpoint or alter the default behavior. ### Willingness to contribute - [x] I can contribute a fix for this bug independently - [ ] I would be willing to contribute a fix for this bug with guidance from the Iceberg community - [ ] I cannot contribute a fix for this bug at this time -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
