okumin commented on code in PR #6086:
URL: https://github.com/apache/hive/pull/6086#discussion_r2389810828
##########
standalone-metastore/metastore-rest-catalog/src/main/java/org/apache/iceberg/rest/HMSCatalogAdapter.java:
##########
@@ -127,8 +117,6 @@ public HMSCatalogAdapter(Catalog catalog) {
}
enum Route {
- TOKENS(HTTPMethod.POST, "v1/oauth/tokens", null),
Review Comment:
Yes, it should.
The token endpoint is not of a Resource Server but of an Authorization
Server, i.e., typically Identity Provider such as Keycloak or Okta. The token
endpoint is responsible for issuing a secure(e.g., cryptographically signed)
Access Token.
Our endpoint is just a copied and pasted from iceberg-core, which is almost
like an echo server(no authentication happens). It is possible to embed the
Authorization Server roles in HMS; however, we would need to implement an RFC
6749, RFC 9068, or another RFC-compliant Authorization Server in that case.
Otherwise, no user exists.
https://github.com/apache/hive/blob/96cf347ae4b449b6fb8118d5c588641ea1a12106/standalone-metastore/metastore-rest-catalog/src/main/java/org/apache/iceberg/rest/HMSCatalogAdapter.java#L243-L265
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
