added support for OAuth Client Credentials grant in the Scala client #553
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
moderakh
changed the title
chakankardb
reviewed
Aug 6, 2024
client/src/main/scala/io/delta/sharing/client/DeltaSharingClient.scala
Outdated
Show resolved
Hide resolved
client/src/main/scala/io/delta/sharing/client/DeltaSharingProfileProvider.scala
Outdated
Show resolved
Hide resolved
client/src/main/scala/io/delta/sharing/client/DeltaSharingProfileProvider.scala
Show resolved
Hide resolved
client/src/main/scala/io/delta/sharing/client/DeltaSharingProfileProvider.scala
Outdated
Show resolved
Hide resolved
client/src/main/scala/io/delta/sharing/client/DeltaSharingProfileProvider.scala
Show resolved
Hide resolved
client/src/main/scala/io/delta/sharing/client/auth/CredentialProvider.scala
Outdated
Show resolved
Hide resolved
client/src/main/scala/io/delta/sharing/client/auth/CredentialProvider.scala
Outdated
Show resolved
Hide resolved
client/src/main/scala/io/delta/sharing/client/auth/OAuthClient.scala
Outdated
Show resolved
Hide resolved
linzhou-db
reviewed
Aug 6, 2024
client/src/main/scala/io/delta/sharing/client/DeltaSharingClient.scala
Outdated
Show resolved
Hide resolved
client/src/main/scala/io/delta/sharing/client/DeltaSharingClient.scala
Outdated
Show resolved
Hide resolved
client/src/main/scala/io/delta/sharing/client/DeltaSharingProfileProvider.scala
Outdated
Show resolved
Hide resolved
linzhou-db
reviewed
Aug 6, 2024
client/src/main/scala/io/delta/sharing/client/DeltaSharingProfileProvider.scala
Outdated
Show resolved
Hide resolved
client/src/main/scala/io/delta/sharing/client/DeltaSharingProfileProvider.scala
Outdated
Show resolved
Hide resolved
client/src/main/scala/io/delta/sharing/client/DeltaSharingClient.scala
Outdated
Show resolved
Hide resolved
chakankardb
reviewed
Aug 7, 2024
client/src/main/scala/io/delta/sharing/client/DeltaSharingProfileProvider.scala
Show resolved
Hide resolved
client/src/main/scala/io/delta/sharing/client/DeltaSharingProfileProvider.scala
Outdated
Show resolved
Hide resolved
client/src/main/scala/io/delta/sharing/client/DeltaSharingProfileProvider.scala
Outdated
Show resolved
Hide resolved
client/src/main/scala/io/delta/sharing/client/auth/OAuthClient.scala
Outdated
Show resolved
Hide resolved
client/src/main/scala/io/delta/sharing/client/auth/OAuthClientCredentialsAuthProvider.scala
Outdated
Show resolved
Hide resolved
client/src/main/scala/io/delta/sharing/client/auth/OAuthClientCredentialsAuthProvider.scala
Show resolved
Hide resolved
client/src/main/scala/io/delta/sharing/client/auth/OAuthClientCredentialsAuthProvider.scala
Outdated
Show resolved
Hide resolved
client/src/main/scala/io/delta/sharing/client/auth/OAuthClientCredentialsAuthProvider.scala
Show resolved
Hide resolved
client/src/main/scala/io/delta/sharing/client/auth/OAuthClientCredentialsAuthProvider.scala
Outdated
Show resolved
Hide resolved
linzhou-db
reviewed
Aug 7, 2024
client/src/main/scala/io/delta/sharing/client/auth/OAuthClientCredentialsAuthProvider.scala
Outdated
Show resolved
Hide resolved
… now I changed to re-entrant lock for better readiblity
chakankardb
approved these changes
Aug 8, 2024
client/src/main/scala/io/delta/sharing/client/auth/OAuthClientCredentialsAuthProvider.scala
Show resolved
Hide resolved
client/src/test/scala/io/delta/sharing/client/DeltaSharingFileProfileProviderSuite.scala
Outdated
Show resolved
Hide resolved
client/src/main/scala/io/delta/sharing/client/auth/OAuthClientCredentialsAuthProvider.scala
Outdated
Show resolved
Hide resolved
linzhou-db
reviewed
Aug 14, 2024
| case oauthProfile: OAuthClientCredentialsDeltaSharingProfile => | ||
| OAuthClientCredentialsAuthProvider(client, authConfig, oauthProfile) | ||
| case BearerTokenDeltaSharingProfile(_, _, bearerToken, expirationTime) => | ||
| BearerTokenAuthProvider(bearerToken, expirationTime) |
There was a problem hiding this comment.
nit: should we throw internal exception if it didn't match either.
| maxDur | ||
| } | ||
|
|
||
| def tokenRenewalThresholdInSeconds(conf: Configuration): Int = { |
There was a problem hiding this comment.
we may not need both functions for each conf?
moderakh
added a commit
that referenced
this pull request
Aug 14, 2024
The current OAuth implementation in the Python client does not reuse access tokens. Instead, it exchanges the client-id and client-secret for a new access token with every request. This behavior increases the load on the tokenEndpoint and introduces unnecessary latency in the request processing. This PR updates the OAuth implementation to oauth reuse access tokens, aligning the Python client with the OAuth behavior of the Scala client, as detailed in this [PR for the Scala client](#553). For additional context on the usage of auth_provider and its functionality, please refer to the description in the original PR for the Spark client.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Added OAuth Client Credentials Support in Scala Client
Overview:
This PR introduces support for OAuth Client Credentials in the Scala client.
Adds a CredentialProvider trait and two implementations:
CredentialProviderTrait:Added the CredentialProvider trait which includes a method CredentialProvider#addAuthHeader(httpRequest: HttpRequestBase). This method is responsible for adding the authentication header to the HTTP request.
Implementations of CredentialProvider:
BearerTokenAuthProvider: A simple implementation that uses a provided bearer token.OAuthClientCredentialsAuthProvider: This implementation handles OAuth client credential grants. It manages the access token internally and refreshes it when it is about to expire (within the next 10 minutes), using the clientId and clientSecret to obtain a new token.Functionality:
The DeltaShringClient now invokes credentialProvider.addAuthHeader() before making any requests, ensuring that the appropriate authentication header is included.
OAuth Token Management:
The OAuthClientCredentialsAuthProvider efficiently manages the OAuth access token. It only exchanges the clientId and clientSecret for a new access token when the current token is nearing expiration
New format for the profile share file: