[DO NOT MERGE] Core, REST, OAuth2: AuthManager v2 (MVP) #15704
Draft
adutra wants to merge 1 commit into apache:main from
Do not review this PR unless you are curious to get an early preview of Auth Manager v2 :-)
This PR encompasses the full scope of the AuthManager v2 effort, except support for human-to-machine grants (Authorization Code and Device Code), which will be introduced in a subsequent update. Cf. Auth Manager v2 design document.
The goal is to provide a complete overview of the planned changes for the curious reader. This PR is not meant to be merged as-is: smaller, incremental PRs will be opened later to introduce these changes gradually.
Key features of the new implementation:
client_secret_basic, client_secret_post, none) issuer-url audience via rest.auth.oauth2.extra-params.*)
Architecture:
- oauth2/ — Core classes: OAuth2Manager, OAuth2Session, OAuth2Runtime, OAuth2Config
- oauth2/config/ — Configuration model: BasicConfig, TokenExchangeConfig, TokenRefreshConfig, ConfigMigrator, ConfigValidator
- oauth2/flow/ — OAuth2 grant flows: ClientCredentialsFlow, RefreshTokenFlow, TokenExchangeFlow, EndpointProvider
- oauth2/client/ — Low-level OAuth2Client for HTTP token requests
- oauth2/http/ — RESTClientAdapter bridging Iceberg's RESTClient to the OAuth2 client
Deprecations:
- org.apache.iceberg.rest.auth.OAuth2Manager — deprecated, removal planned for 1.14.0
- org.apache.iceberg.rest.auth.OAuth2Properties — deprecated in favor of OAuth2Config
- org.apache.iceberg.rest.auth.OAuth2Util — deprecated in favor of the new OAuth2Manager
Other deprecations affect the REST layer (error handlers, etc.).
Docs:
Adds an OAuth2 configuration reference page (auto-generated from code) and a migration guide.
Tests:
~11,000 lines of new tests including unit tests for all components with MockServer, and Keycloak-based integration tests.