Hi Christian and team, Thank you for your review. This topic has been added to the agenda for our upcoming catalog sync on January 14th.
I agree that porting the legacy token-exchange behavior to the new manager might be unnecessary – I anticipate this will be a key discussion point on Wednesday. Skipping these features would significantly simplify the implementation. I look forward to our meeting! Thanks, Alex On Wed, Jan 7, 2026 at 6:11 PM Christian Thiel <[email protected]> wrote: > > Hello Alex, > > Thanks for your persistent initiative! > > I’ve gone through the document, and it looks good to me. The plan looks solid > to me, and the selection of flows aligns with what we previously discussed in > the community. I’m not entirely sure we need to migrate the legacy > token‑exchange behaviour to the new Manager. Since this flow is specific to > Iceberg and the endpoint has been deprecated for over 1.5 years, it might no > longer be necessary. > > Looking forward to discussing this further in next week's sync! Best, > Christian > > > > On Mon, 5 Jan 2026 at 16:30, Alexandre Dutra <[email protected]> wrote: >> >> Hi all, >> >> I hope you're having a great start to the new year! >> >> I'm following up on the Auth Manager v2 proposal that I shared a while >> back. I haven't gotten any feedback or comments on the design doc [1] >> so far, but I know many of us were away during the last weeks >> (including myself). >> >> It would be awesome if we could chat about it during our next catalog >> sync meeting on January 14th. Any feedback is welcome, but I'd >> especially love to hear from folks who use any of the "advanced >> features" mentioned in the document. >> >> Thanks, >> Alex >> >> [1]: >> https://docs.google.com/document/d/1Hxw-t8Maa7wZFmrlSujm7LRawKsFP3Q31tET_3aRnQU/edit?usp=sharing >> On Fri, Dec 12, 2025 at 6:53 PM Alexandre Dutra <[email protected]> wrote: >> > >> > Hi all, >> > >> > I would like to resume the discussion around the OAuth2 manager in >> > Iceberg REST with a new proposal. >> > >> > Our last conversation [1] indicated a community preference for >> > enhancing the existing manager within iceberg-core, rather than >> > introducing a separate one. We agreed that deprecations and new >> > dependencies, like an OAuth2 library, were acceptable trade-offs. >> > >> > After an extensive PoC, I have developed a design document for what I >> > am calling the "OAuth2 Manager v2" initiative [2]. >> > >> > While the ideal goal was a seamless evolution of the existing manager, >> > the reality is more complex. The proposal is designed to make the >> > migration of both configuration and runtime behavior as smooth as >> > possible, although some adjustments will be necessary. A roadmap with >> > different steps (deprecation, transition, removal), spanning a few >> > minor Iceberg versions, is included in the document. >> > >> > I welcome your thoughts on the design doc and look forward to >> > discussing this topic at the next catalog meeting in January 2026. >> > >> > Thanks, >> > Alex >> > >> > [1]: https://lists.apache.org/thread/on7xcr838ol0bctxjjfnkjb72rjwnmsk >> > [2]: >> > https://docs.google.com/document/d/1Hxw-t8Maa7wZFmrlSujm7LRawKsFP3Q31tET_3aRnQU/edit?usp=sharing
