drewrukin opened a new pull request, #56586:
URL: https://github.com/apache/spark/pull/56586
### What changes were proposed in this pull request?
This PR changes the JVM Spark Connect client token metadata key used by
`AccessTokenCallCredentials` from `Authentication` to `Authorization`.
It also adds a regression test for the generated bearer-token metadata.
### Why are the changes needed?
Spark Connect server token authentication validates `Authorization: Bearer
<token>`. It does not read an `Authentication` metadata key.
The JVM client `CallCredentials` path is used for non-local token
connections and TLS-enabled connections. Before this change, that path sent the
token under `Authentication`, so a correctly configured JVM client could still
fail with `UNAUTHENTICATED` against a Spark Connect server configured with
`spark.connect.authenticate.token`.
`Authentication` came from the older Scala client SSL/access-token work,
while later server-side Spark Connect token auth standardized on
`Authorization`. This PR aligns the older JVM CallCredentials path with the
server contract.
### Does this PR introduce _any_ user-facing change?
Yes. A JVM Spark Connect client using token auth through the non-local/TLS
`CallCredentials` path can authenticate successfully with a server configured
with `spark.connect.authenticate.token`.
There is no API or configuration change.
### How was this patch tested?
Added a regression test in `SparkConnectClientSuite` that verifies
`AccessTokenCallCredentials` emits `Authorization: Bearer <token>` and does not
emit the old `Authentication` metadata key.
Targeted test command:
```bash
./build/sbt "connect-client-jvm/testOnly
org.apache.spark.sql.connect.client.SparkConnectClientSuite -- -z 'access
token call credentials use Authorization metadata'"
I was not able to complete the local test run because dependency download in
this environment was blocked by a proxy 407 response.
### Was this patch authored or co-authored using generative AI tooling?
Generated-by: OpenAI Codex
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]