j1wonpark opened a new pull request, #56389:
URL: https://github.com/apache/spark/pull/56389
### What changes were proposed in this pull request?
The Scala/JVM Spark Connect client sends the access token (from the `token`
connection param) in a non-standard `Authentication` gRPC metadata header. This
changes it to the standard `Authorization`, and adds a unit test.
```scala
- Metadata.Key.of("Authentication", Metadata.ASCII_STRING_MARSHALLER)
+ Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER)
```
### Why are the changes needed?
Bearer tokens belong in `Authorization` (RFC 6750). The old key breaks token
auth and is inconsistent with every other consumer:
- server-side `PreSharedKeyAuthenticationInterceptor` reads the token from
`Authorization`;
- the local-channel path in the same client already uses `Authorization`;
- the Python client uses gRPC's `access_token_call_credentials` (i.e.
`Authorization`);
- standard JWT proxies (e.g. Envoy/Istio) extract the bearer from
`Authorization` and otherwise reject the request.
The typo dates to SPARK-42533 (2023) and went unnoticed until an in-tree
server consumer (`PreSharedKeyAuthenticationInterceptor`, SPARK-57066) appeared.
### Does this PR introduce _any_ user-facing change?
Yes. The Scala/JVM client now sends the token in `Authorization` instead of
`Authentication`, fixing token auth against the pre-shared-key interceptor and
standard JWT proxies.
### How was this patch tested?
New unit test in `SparkConnectClientSuite` asserting
`AccessTokenCallCredentials` emits `Authorization: Bearer <token>` (RED before
the fix, GREEN after); full suite passes.
### Was this patch authored or co-authored using generative AI tooling?
Generated-by: Claude Code (Opus 4.8)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]