collado-mike commented on PR #952: URL: https://github.com/apache/polaris/pull/952#issuecomment-2640629727
> We are basically creating a broken server, so that it can understand broken clients. > > Also, no external IDP that I know of supports client secret without client id. No, generally they don't support client secret only for client_credentials flow, but they do support token exchange. Unfortunately, Iceberg has support for token exchange, but not at the catalog initialization. E.g., at https://github.com/apache/iceberg/blob/main/core/src/main/java/org/apache/iceberg/rest/RESTSessionCatalog.java#L1120-L1133 , it can use a developer token to exchange for an OAuth token, but that code doesn't execute at initialization. The only way for someone to submit a token for exchange is via the client_secret parameter :( -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
