Re: [PR] Introduce 419 AuthenticationTimeoutResponse on token expiration [polaris]

via GitHub Fri, 14 Feb 2025 21:26:12 -0800


flyrain commented on code in PR #1001:
URL: https://github.com/apache/polaris/pull/1001#discussion_r1957042936



##########
service/common/src/main/java/org/apache/polaris/service/auth/JWTBroker.java:
##########
@@ -86,10 +88,13 @@ public String getSub() {
 
         @Override
         public String getScope() {
-          return decodedJWT.getClaim("scope").asString();
+          return decodedJWT.getClaim(CLAIM_KEY_SCOPE).asString();
         }
       };
 
+    } catch (TokenExpiredException e) {
+      LOGGER.error("Credentials have timed out with error", e);
+      throw new AuthenticationTimeoutException("Credentials have timed out");

Review Comment:
   According to the Iceberg REST specification, 419 is the correct response. 
Polaris needs to support it, despite some reasons—of which I am not aware—that 
suggest otherwise. Could someone explain why this response is considered 
incorrect?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Re: [PR] Introduce 419 AuthenticationTimeoutResponse on token expiration [polaris]

Reply via email to