raphaelsolarski commented on code in PR #17148:
URL: https://github.com/apache/iceberg/pull/17148#discussion_r3603057443


##########
core/src/main/java/org/apache/iceberg/rest/auth/OAuth2Properties.java:
##########
@@ -64,6 +64,16 @@ private OAuth2Properties() {}
   /** Optional param resource for OAuth2. */
   public static final String RESOURCE = "resource";
 
+  /**
+   * When enabled, the Authorization header inherited from the parent session 
is not forwarded when
+   * fetching a new token via the client credentials flow. This prevents 
strict identity providers
+   * from rejecting the token request due to using multiple authentication 
methods.
+   */
+  public static final String SKIP_INHERITED_AUTH_HEADER_IN_TOKEN_REQUEST =

Review Comment:
   Thanks for the comment. 
   
   1. In context of merging both flags under single one I see such issue that 
it is hard to find name that will say what the flag does. I'm not sure if we 
can use current `token-exchange-enabled` name but it's only my impression.
   
   2. I wonder if there is also 3rd scenario when `Authorization` header from 
parent session is used for token exchange in table session and contextual 
session scenario. @ebyhr also asked about it in [the 
comment](https://github.com/apache/iceberg/pull/17148#discussion_r3569010411).



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to