flyrain commented on issue #791: URL: https://github.com/apache/polaris/issues/791#issuecomment-2670293077
The RFC (https://www.rfc-editor.org/rfc/rfc6750) recommends using `401`.

> invalid_token
> The access token provided is expired, revoked, malformed, or invalid for other reasons. The resource SHOULD respond with the HTTP 401 (Unauthorized) status code. The client MAY request a new access token and retry the protected resource request.

I don't have the context on why the Iceberg REST spec introduced `419`, but it seems not quite useful based on the following statements:

1. The RFC recommends `401` for expiration.
2. It's not a good practice to leak the information that a token is expired.
3. Most well-known IDPs don't leak the information that a token is expired.
4. The Iceberg REST endpoint `/token` was deprecated.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
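The behaviour the comment argues for, as an added example that is not part of the comment or of Polaris: a resource-server check that answers every token failure (expired, tampered, malformed) with the same RFC 6750 `401` challenge and keeps the specific reason in a server-side audit list. The token format, `KEY`, `mint` and `authorize` are constructed for this illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed secret, for this example only

def mint(claims):
    """Build a toy token: base64url(JSON claims) + "." + hex HMAC-SHA256."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()

def _check(token, now):
    """Return an internal failure reason, or None if the token is valid."""
    body, sep, sig = token.partition(".")
    if not sep:
        return "malformed"
    expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "bad_signature"
    try:
        exp = float(json.loads(base64.urlsafe_b64decode(body))["exp"])
    except (ValueError, KeyError, TypeError):
        return "malformed"
    return "expired" if now >= exp else None

def authorize(authorization, now, audit):
    """Map an Authorization header value to (status, response headers)."""
    value = authorization or ""
    if not value.lower().startswith("bearer "):
        # RFC 6750 section 3.1: no bearer credentials were sent, so the
        # challenge carries no error code.
        return 401, {"WWW-Authenticate": "Bearer"}
    reason = _check(value[len("bearer "):].strip(), now)
    if reason is None:
        return 200, {}
    audit.append(reason)  # the specific reason stays in server-side logs
    # Same status and challenge for every token failure, so the response
    # does not tell the caller whether the token was expired or forged.
    return 401, {"WWW-Authenticate": 'Bearer error="invalid_token"'}
```
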
