danielcweeks opened a new pull request, #13809: URL: https://github.com/apache/iceberg/pull/13809
We've had a number of issues reported that relate to the default refresh path for tokens created through the client credentials flow. The first is that we assume that token exchange is the default refresh path and the second is that some IDPs have different behaviors around token exchange. Some disallow refreshing and fail while others support exchange without refreshing the token expiration and others fully support this approach which provides a viable refresh path. There's a lot of flexibility within spec for the RFCs governing this. Given that many IDPs do not support this exchange and the expected path to get a new token when you have client credentials is to just use the client credentials flow, we need a way to allow that behavior. In the future, we want to better support refresh tokens and possibly remove the exchange behavior, but regardless the recommended path for new token creation with client credentials is to use the client credential flow like proposed in this PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@iceberg.apache.org For additional commands, e-mail: issues-h...@iceberg.apache.org
