dimas-b commented on code in PR #10603:
URL: https://github.com/apache/iceberg/pull/10603#discussion_r1672643927


##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -134,9 +134,22 @@ paths:
     post:
       tags:
         - OAuth2 API
-      summary: Get a token using an OAuth2 flow
+      summary: Get a token using an OAuth2 flow (DEPRECATED for REMOVAL)
+      deprecated: true
       operationId: getToken
       description:
+        The `oauth/tokens` endpoint is **DEPRECATED for REMOVAL**. It is _not_ 
recommended to
+        implement this endpoint, unless you are fully aware of the potential 
security implications.
+
+        All clients are encouraged to explicitly set the configuration 
property `oauth2-server-uri`
+        to the correct OAuth endpoint.
+
+        Deprecated since Iceberg (Java) 1.6.0. The endpoint and related types 
will be removed from
+        this spec in Iceberg (Java) 1.7.0.
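
Review bot: The added description tells implementers to avoid the endpoint "unless you are fully aware of the potential security implications" but never says what those implications are, so someone reading only the spec cannot assess the risk. State the concern in one sentence or link to the discussion that motivated the deprecation. The paragraph on `oauth2-server-uri` should also say what a client does when the property is not set, since that is the case the deprecation is meant to change.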

Review Comment:
   Removing the endpoint from the OpenAPI YAML could break auto-generated 
clients. Custom clients (e.g. the Iceberg Java REST client) calling this 
endpoint in servers that offer backward compatibility will not be affected. 
AFAIK, PyIceberg is also _not_ affected by dropping the endpoint from OpenAPI.
   
   Given the discussion of the negative security aspects of this endpoint (in 
the dev mail list), I tend to think that removing the endpoint from OpenAPI 
sooner (1.7.0) is worth the potential hardship for auto-generated clients.


