adutra commented on issue #2581:
URL: https://github.com/apache/polaris/issues/2581#issuecomment-3303271880
@singhpk234 not exactly, the catalog server must expose a new endpoint, by
default `/.well-known/oauth-protected-resource`. This endpoint returns
something like:
```json
{
"resource": "https://polaris.example.com";,
"authorization_servers": ["https://as1.example.com";,
"https://as2.example.net";],
"bearer_methods_supported": ["header"],
"scopes_supported": ["catalog"],
"resource_documentation": "https://polaris.apache.org/";
}
```
An Iceberg REST client could interrogate this endpoint _prior_ to invoking
the config endpoint in order to understand where is the authorization server
located and which scopes are required to access Polaris.
Also, Polaris could redirect the client to the metadata endpoint
automatically when the client fails to authenticate properly, by including the
metadata endpoint in the `WWW-Authenticate` header in the 401 response.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
