Skip to content

Make issued_token_type optional to support OAuth2 Client Credential Flow #466

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Fokko merged 4 commits into from
Feb 29, 2024
Merged

Make issued_token_type optional to support OAuth2 Client Credential Flow #466

Fokko merged 4 commits into from
Feb 29, 2024

Conversation

@flyrain
Copy link
Contributor

@flyrain flyrain commented Feb 23, 2024

To fix issue(#463). In short, Client Credential Flow's http response doesn't have the field issued_token_type. Make it optional to avoid validation error like this:

ValidationError: 1 validation error for TokenResponse
issued_token_type
  Field required [type=missing, input_value={'access_token': 'eyJhbGc... 'token_type': 'bearer'},
input_type=dict]

cc @danielcweeks @Fokko @syun64 @RussellSpitzer

sungwy
sungwy reviewed Feb 24, 2024
View reviewed changes
Copy link
Collaborator

@sungwy sungwy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @flyrain thank you very much for putting this together! I glossed over this discrepancy because PyIceberg was in 'developing' stages. It's exciting how fast this project is maturing!

I left a comment to point out a few other discrepancies in the existing TokenResponse model that I thought would also be great to fix this time around. Let me know what you think!

pyiceberg/catalog/rest.py Outdated
token_type: str = Field()
expires_in: int = Field()
issued_token_type: str = Field()
issued_token_type: Optional[str] = None
Copy link
Collaborator

@sungwy sungwy Feb 24, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we use this opportunity to align the OAuthTokenResponse exactly with the model specified in the Iceberg Rest Catalog Open API Spec?

  • we want to verify within the model that the issued_token_type is one of accepted types, if it is provided
  • the current model is missing Optional scope and refresh_token
  • also update expires_in to be Optional (expires_in is a recommended property in OAuth and if it wasn't provided in the TokenResponse, it will fail for similar reasons in the existing model)

Copy link
Contributor Author

@flyrain flyrain Feb 26, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's good ideas. Thanks for the review, @syun64. Fixed in a new commit.

sungwy
sungwy reviewed Feb 27, 2024
View reviewed changes
sungwy
sungwy approved these changes Feb 27, 2024
View reviewed changes
Copy link
Collaborator

@sungwy sungwy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good from my side. Let's seek approval from @Fokko @danielcweeks to get this merged in 👍

@flyrain
Copy link
Contributor Author

flyrain commented Feb 27, 2024

Thanks @syun64 for the review. We will need at least an approval from committers. cc @Fokko @danielcweeks

Fokko
Fokko approved these changes Feb 29, 2024
View reviewed changes
Copy link
Contributor

@Fokko Fokko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @flyrain for fixing this 👍 I wasn't aware of this discrepancy!

Thanks @syun64 for the great review 🙌

pyiceberg/catalog/rest.py
expires_in: int = Field()
issued_token_type: str = Field()
expires_in: Optional[int] = Field(default=None)
issued_token_type: Optional[str] = Field(default=None)
Copy link
Contributor

@Fokko Fokko Feb 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could also convert this into a literal, since it is an enum in the spec:

Suggested change
issued_token_type: Optional[str] = Field(default=None)
issued_token_type: Optional[Literal['urn:ietf:params:oauth:token-type:access_token', 'urn:ietf:params:oauth:token-type:refresh_token', 'urn:ietf:params:oauth:token-type:id_token', 'urn:ietf:params:oauth:token-type:saml1', 'urn:ietf:params:oauth:token-type:saml2', 'urn:ietf:params:oauth:token-type:jwt'] = Field(default=None)

@Fokko Fokko merged commit 9a5bb07 into apache:main Feb 29, 2024
@flyrain
Copy link
Contributor Author

flyrain commented Feb 29, 2024

Thanks @Fokko for the review!

himadripal pushed a commit to himadripal/iceberg-python that referenced this pull request Mar 1, 2024
@flyrain
Make issued_token_type optional to support OAuth2 Client Credential…
83b34bb 
… Flow (apache#466)

* Make issued_token_type optional to support OAuth2 Client Credential Flow

* Fix the style issue

* Resolve comments

* Resolve comments

---------

Co-authored-by: yufei <[email protected]>
@flyrain flyrain mentioned this pull request Mar 11, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Fokko Fokko Fokko approved these changes

@sungwy sungwy sungwy approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@flyrain @Fokko @sungwy