binarycat0 commented on issue #125: URL: https://github.com/apache/polaris-tools/issues/125#issuecomment-3750696562
@sohanhonavar @sohanh Hi, thank you for providing the proposed implementation. It works; however, unfortunately, this is not exactly what I am suggesting to implement in this proposal.

The current implementation referenced in [the branch](https://github.com/jbonofre/polaris-tools/tree/keycloak-support) supports a **server-to-server** authorization flow using only KC_ClientId and KC_ClientSecret and does not provide the ability for **end-user** authentication. Additionally, the current implementation is tightly coupled to a single provider (Keycloak).

I propose using a generic authorization scheme that can work with any OIDC-compliant provider, rather than being bound to a specific one. In the proposed design, an authorization flow is expected that includes token exchange with the OIDC system, using the token returned by the OIDC provider.

WDYT?
