adutra commented on issue #12363: URL: https://github.com/apache/iceberg/issues/12363#issuecomment-2676279426
Hi @c-thiel and @nqvuong1998! Yes, the fact that token refreshes are broken when using an external IDP like Keycloak is a known issue. To summarize (and your analyzis was spot on!), there are two issues: 1. using token exchange to refresh tokens with `client_credentials` is non-standard; 2. a malformed token exchange request results in 401. I posted some explanations here: https://github.com/apache/iceberg/issues/12196#issuecomment-2674990474. > do you know if the new Auth Manager would solve this? The AuthManager API can definitely help this issue, although it won't solve it per se. Let's push to have it merged: https://github.com/apache/iceberg/pull/12197 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
