nkemnitz opened a new issue, #783:
URL: https://github.com/apache/arrow-rs-object-store/issues/783

   **Describe the bug**
   
   `ClientOptions::client()` applies user `default_headers` 
(`src/client/mod.rs:843`) and
   also sets `.no_gzip()...` (`mod.rs:929`). The GCP token providers reuse that 
same client
   (`src/gcp/builder.rs:606-608`). So a data-plane `Accept-Encoding: gzip` 
header leaks onto
   the OAuth token POST (`src/gcp/credential.rs:613-637`, 
`accounts.google.com/o/oauth2/token`);
   Google returns gzip, `no_gzip` skips decoding, and `.json()` fails → 
`Error::TokenResponseBody`.
   The client tells the server "send gzip" while telling reqwest "don't decode 
gzip".
   
   **To Reproduce**
   
   ```rust
   let mut h = http::HeaderMap::new();
   h.insert("accept-encoding", "gzip".parse().unwrap());
   let store = GoogleCloudStorageBuilder::from_env()
       .with_bucket_name("my-bucket")
       .with_client_options(ClientOptions::new().with_default_headers(h))
       .build()?;
   store.get(&"x".into()).await?; // authorized_user ADC: token fetch fails 
before the GET
   ```
   
   Error: `Generic { store: "GCS", source: TokenResponseBody(... "expected 
value at line 1 column 1") }`.
   (`Accept-Encoding: gzip` is legitimate: it makes GCS serve 
`Content-Encoding: gzip` objects as raw gzip.)
   
   **Expected behavior**
   
   Setting `default_headers` for the data plane should not break authentication.
   
   **Additional context**
   
   -


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to