Re: [I] The deprecated OAuth endpoint still documents unsafe token-exchange behavior [iceberg]

via GitHub Wed, 20 May 2026 18:12:55 -0700


RussellSpitzer commented on issue #16487:
URL: https://github.com/apache/iceberg/issues/16487#issuecomment-4503919930


   Not a security issue, this is deprecated and the security implication is 
explicitly noted in the deprecation notice.
   ```
           The `oauth/tokens` endpoint is **DEPRECATED for REMOVAL**. It is 
_not_ recommended to
           implement this endpoint, unless you are fully aware of the potential 
security implications.
           ...
           Deprecated since Iceberg (Java) 1.6.0. The endpoint and related 
types will be removed from
           this spec in Iceberg (Java) 2.0.
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: [I] The deprecated OAuth endpoint still documents unsafe token-exchange behavior [iceberg]

Reply via email to