lxyzxx opened a new pull request, #4289: URL: https://github.com/apache/arrow-adbc/pull/4289
This change follows the earlier discussion in [#4272](https://github.com/apache/arrow-adbc/pull/4272). Now that Arrow Java 19.0.0 has been merged, Java ADBC Flight SQL can reuse the OAuth2 support already implemented in Arrow Java. This commit wires that existing Arrow Java OAuth2 implementation into the Java ADBC Flight SQL driver, instead of introducing a separate OAuth implementation on the ADBC side. ### What changed - add OAuth2 support for Java ADBC Flight SQL - support `client_credentials` - support `token_exchange` - align exposed OAuth parameter semantics with Arrow Java - preserve driver-thrown `AdbcException` status codes during connection setup - close `FlightClient` on failed authentication / handshake paths - add regression coverage for OAuth configuration validation - add HTTPS token endpoint coverage using JVM trustStore semantics ### Usage notes For `client_credentials`, configure: - `adbc.flight.sql.oauth.flow` - `adbc.flight.sql.oauth.token_uri` - `adbc.flight.sql.oauth.client_id` - `adbc.flight.sql.oauth.client_secret` For `token_exchange`, use the corresponding `adbc.flight.sql.oauth.exchange.*` properties. OAuth token endpoint HTTPS validation follows the Arrow Java / JVM SSL behavior and uses the JVM SSL configuration, such as: - `javax.net.ssl.trustStore` - `javax.net.ssl.trustStorePassword` - `javax.net.ssl.trustStoreType` Flight server TLS continues to use the existing ADBC Flight SQL TLS connection properties. Token refresh / re-acquisition is delegated to the reused Arrow Java OAuth provider and happens on demand when a valid token is needed for a request. ### Validation - added / updated OAuth regression tests - manually verified `client_credentials` against a local Keycloak setup - verified token acquisition and successful Flight SQL connection - verified token re-acquisition after expiry on subsequent requests -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
