Hi all, Dremio recently open-sourced a new implementation of the Auth Manager API for OAuth2:
https://github.com/dremio/iceberg-auth-manager I wrote a blog post about it a while ago [1]. Built on top of the Auth Manager API introduced in Iceberg 1.9.0, this project provides a more flexible and extensible OAuth2 manager compared to the built-in equivalent in Iceberg Core. It follows OAuth2 standards strictly, but also provides compatibility with any existing Apache Iceberg REST catalog, and contains no Dremio-specific functionality. To date, this is the only OAuth2 manager fully compliant with external identity providers. Dremio would like to contribute this code to the Apache Iceberg project. I am therefore initiating this discussion to determine the community's interest in accepting this donation. This project is beneficial to the community because it addresses well-known limitations, such as token refresh problems [2][3][4], and also because it introduces highly anticipated features like the Authorization Code grant support [5]. Fixing these limitations or adding support for such large features in the built-in manager, while avoiding any risk of regressions, would have been a lot harder. Also worth mentioning: this project adheres to the "Iceberg OAuth2 Client Authentication Guide", proposed by Christian Thiel [6]. This project could initially serve as a runtime-selectable alternative to the current built-in implementation. Upon reaching sufficient maturity however, it could potentially replace the existing manager. Please share your thoughts by replying to this email. Alternatively, we can discuss this topic at the Catalog Sync meeting this Wednesday, June 18th, if that is a more comfortable option to everyone. Thanks, Alex [1] https://medium.com/data-engineering-with-dremio/introducing-dremio-auth-manager-for-apache-iceberg-223827342d19 [2]: https://github.com/apache/iceberg/issues/12196 [3]: https://github.com/apache/iceberg/issues/12363 [4]: https://github.com/apache/iceberg/issues/13030 [5]: https://github.com/apache/iceberg/issues/10677 [6]: https://docs.google.com/document/d/1buW9PCNoHPeP7Br5_vZRTU-_3TExwLx6bs075gi94xc/edit?tab=t.0#heading=h.hufqidg1ij89
