gaurav singh has posted comments on this change. ( http://gerrit.cloudera.org:8080/21728 )
Change subject: WIP IMPALA-13288: OAuth AuthN Support for Impala ...................................................................... Patch Set 29: (4 comments) http://gerrit.cloudera.org:8080/#/c/21728/28/be/src/rpc/authentication.cc File be/src/rpc/authentication.cc: http://gerrit.cloudera.org:8080/#/c/21728/28/be/src/rpc/authentication.cc@229 PS28, Line 229: the sen > Nit: an OAuth what? Token, key, etc? token. Added. Thanks. http://gerrit.cloudera.org:8080/#/c/21728/28/be/src/rpc/authentication.cc@234 PS28, Line 234: ate sign > Nit: contains Done http://gerrit.cloudera.org:8080/#/c/21728/28/be/src/service/impala-server.cc File be/src/service/impala-server.cc: http://gerrit.cloudera.org:8080/#/c/21728/28/be/src/service/impala-server.cc@3136 PS28, Line 3136: return Status("JWKS file for OAuth is not specified"); > Need to differentiate between the JWT JWKS and the OAuth JWKS in these erro Done http://gerrit.cloudera.org:8080/#/c/21728/28/be/src/transport/THttpServer.cpp File be/src/transport/THttpServer.cpp: http://gerrit.cloudera.org:8080/#/c/21728/28/be/src/transport/THttpServer.cpp@337 PS28, Line 337: } > The issue I see here is with OAuth and JWT using the exact same HTTP header Correct, if both the has_oauth_ and has_jwt_ are set and impala receives the oauth request, it will fail the first block (has_jwt_) and register it as a jwt authentication failure. One solution that I can think of is that if the oauth authentication succeeds, then we can do: http_metrics_->total_jwt_token_auth_failure_->Decrement(1); -- To view, visit http://gerrit.cloudera.org:8080/21728 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I65dc8db917476b0f0d29b659b9fa51ebaf45b7a6 Gerrit-Change-Number: 21728 Gerrit-PatchSet: 29 Gerrit-Owner: gaurav singh <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Jason Fehr <[email protected]> Gerrit-Reviewer: gaurav singh <[email protected]> Gerrit-Comment-Date: Fri, 10 Jan 2025 19:24:51 +0000 Gerrit-HasComments: Yes
