dimas-b commented on code in PR #10603: URL: https://github.com/apache/iceberg/pull/10603#discussion_r1672643927
########## open-api/rest-catalog-open-api.yaml: ########## @@ -134,9 +134,22 @@ paths: post: tags: - OAuth2 API - summary: Get a token using an OAuth2 flow + summary: Get a token using an OAuth2 flow (DEPRECATED for REMOVAL) + deprecated: true operationId: getToken description: + The `oauth/tokens` endpoint is **DEPRECATED for REMOVAL**. It is _not_ recommended to + implement this endpoint, unless you are fully aware of the potential security implications. + + All clients are encouraged to explicitly set the configuration property `oauth2-server-uri` + to the correct OAuth endpoint. + + Deprecated since Iceberg (Java) 1.6.0. The endpoint and related types will be removed from + this spec in Iceberg (Java) 1.7.0.

Review Comment: Removing the endpoint from the OpenAPI YAML could break auto-generated clients. Custom clients (e.g. the Iceberg Java REST client) calling this endpoint in servers that offer backward compatibility will not be affected. AFAIK, PyIceberg is also _not_ affected by dropping the endpoint from OpenAPI. Given the discussion of the negative security aspects of this endpoint (in the dev mail list), I tend to think that removing the endpoint from Open API sooner (1.7.0) is worth the potential hardship for auto-generated clients.
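Review bot: The new `description:` text tells implementers to avoid the endpoint "unless you are fully aware of the potential security implications" but never says what those implications are or where they are written down. Since this text is what spec readers and generated documentation will see, add one sentence naming the risk or a pointer to the discussion that motivated the deprecation. The `oauth2-server-uri` sentence also leaves open what a client does when the property is not set; stating that behaviour here would tell implementers whether leaving it unset still routes token requests to the deprecated `oauth/tokens` endpoint.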