collado-mike commented on PR #952:
URL: https://github.com/apache/polaris/pull/952#issuecomment-2643767326
> Where is "magic" here? 😃 IMHO, `credential=polaris:${token}` conveys
intent openly and clearly - Polaris will authenticate this request based on
`${token}`. Perhaps `credential=polaris-token:${token}` makes it even more
direct?
The prefix itself is magic and arbitrary. E.g., the `token` itself may not
be a Polaris token. It may be an OAuth or SAML token vended by another service
entirely. The prefix doesn't actually convey any meaning.
> I wonder whether `credential=:${token}` (empty client ID) works in
practice. If it does, I think it's a viable option too.
My very, very quick test suggests this _does_ work, when tested from the
Iceberg java client. I'm ok with requiring the `:` in the `Basic` auth header
if we can accept blank values to indicate token exchange.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
