adutra commented on issue #441:
URL: https://github.com/apache/polaris/issues/441#issuecomment-3818279637
(sorry for the late reply)
> Can an external principal still support batch workloads that require a
client-credentials grant flow, similar to what the internal realm supports by
default ?
Yes, absolutely. The way a principal obtains its access token is not a
Polaris concern (it is an interaction between the user, the client and the
IDP), as long as the token is valid it should be fine.
> Or is it better to migrate these service-account principals to Azure AD
and enforce the client-credentials grant flow there instead ?
They can stay as internal principals if that works for you. But imho, it
would be better to migrate away from internal principals completely, if you are
using an external IDP. You just need to declare those special service accounts
in Azure AD.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
