Re: [PR] Add token refresh and token exchange OAuth2 flows to polaris-synchronizer tool. [polaris-tools]

Tue, 22 Apr 2025 11:13:53 -0700 


adutra commented on code in PR #8:
URL: https://github.com/apache/polaris-tools/pull/8#discussion_r2054601876


##########
polaris-synchronizer/api/src/main/java/org/apache/polaris/tools/sync/polaris/auth/AuthenticationSessionWrapper.java:
##########
@@ -0,0 +1,82 @@
+package org.apache.polaris.tools.sync.polaris.auth;
+
+import org.apache.iceberg.rest.HTTPClient;
+import org.apache.iceberg.rest.RESTClient;
+import org.apache.iceberg.rest.auth.AuthConfig;
+import org.apache.iceberg.rest.auth.OAuth2Properties;
+import org.apache.iceberg.rest.auth.OAuth2Util;
+import org.apache.iceberg.util.ThreadPools;
+
+import java.util.Map;
+import java.util.UUID;
+
+/**
+ * Wraps {@link OAuth2Util.AuthSession} to provide supported authentication 
flows.
+ */
+public class AuthenticationSessionWrapper {
+
+    private final OAuth2Util.AuthSession authSession;
+
+    public AuthenticationSessionWrapper(Map<String, String> properties) {
+        this.authSession = this.newAuthSession(properties);
+    }
+
+    /**
+     * Initializes a new authentication session. Supports client_credentials 
and bearer token flow.
+     * @param properties properties to initialize the session with
+     * @return an authentication session, with token refresh if applicable
+     */
+    private OAuth2Util.AuthSession newAuthSession(Map<String, String> 
properties) {
+
+        RESTClient restClient = HTTPClient.builder(Map.of())
+                .uri(properties.get(OAuth2Properties.OAUTH2_SERVER_URI))
+                .build();
+
+        OAuth2Util.AuthSession parent = new OAuth2Util.AuthSession(
+                Map.of(),
+                AuthConfig.builder()
+                        
.credential(properties.get(OAuth2Properties.CREDENTIAL))
+                        .scope(properties.get(OAuth2Properties.SCOPE))
+                        
.oauth2ServerUri(properties.get(OAuth2Properties.OAUTH2_SERVER_URI))
+                        .token(properties.get(OAuth2Properties.TOKEN))
+                        .tokenType(OAuth2Properties.ACCESS_TOKEN_TYPE)
+                        
.optionalOAuthParams(OAuth2Util.buildOptionalParam(properties))
+                        .build()

Review Comment:
   I would suggest to create the parent session without `token` and 
`credential` since you are going to create a child session with these right 
after.
   
   ```suggestion
                           .scope(properties.get(OAuth2Properties.SCOPE))
                           
.oauth2ServerUri(properties.get(OAuth2Properties.OAUTH2_SERVER_URI))
                           
.optionalOAuthParams(OAuth2Util.buildOptionalParam(properties))
                           .build()
   ```



##########
polaris-synchronizer/api/src/main/java/org/apache/polaris/tools/sync/polaris/auth/AuthenticationSessionWrapper.java:
##########
@@ -0,0 +1,82 @@
+package org.apache.polaris.tools.sync.polaris.auth;
+
+import org.apache.iceberg.rest.HTTPClient;
+import org.apache.iceberg.rest.RESTClient;
+import org.apache.iceberg.rest.auth.AuthConfig;
+import org.apache.iceberg.rest.auth.OAuth2Properties;
+import org.apache.iceberg.rest.auth.OAuth2Util;
+import org.apache.iceberg.util.ThreadPools;
+
+import java.util.Map;
+import java.util.UUID;
+
+/**
+ * Wraps {@link OAuth2Util.AuthSession} to provide supported authentication 
flows.
+ */
+public class AuthenticationSessionWrapper {
+
+    private final OAuth2Util.AuthSession authSession;
+
+    public AuthenticationSessionWrapper(Map<String, String> properties) {
+        this.authSession = this.newAuthSession(properties);
+    }
+
+    /**
+     * Initializes a new authentication session. Supports client_credentials 
and bearer token flow.
+     * @param properties properties to initialize the session with
+     * @return an authentication session, with token refresh if applicable
+     */
+    private OAuth2Util.AuthSession newAuthSession(Map<String, String> 
properties) {
+
+        RESTClient restClient = HTTPClient.builder(Map.of())

Review Comment:
   This client holds resources and must be closed when the application closes. 
Since we already have a problem with the thread pools created below, as 
@pingtimeout pointed out, I think that it would be worth spending some time to 
make this class implement `AutoCloseable`, then properly implement the 
`close()` method and close all the resources.
   
   But then you'd need to make sure that the 
`AuthenticationSessionWrapper.close()` method is called. I see that this class 
is used in two places: `PolarisCatalog` and `PolarisApiService`. For 
`PolarisCatalog` it's easy because it already has a `close()` method. However 
`PolarisApiService` doesn't, so you might need to investigate how to properly 
close its `AuthenticationSessionWrapper`.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to