Package org.apache.iceberg.rest.auth

Class OAuth2Manager

java.lang.Object
org.apache.iceberg.rest.auth.RefreshingAuthManager
org.apache.iceberg.rest.auth.OAuth2Manager
All Implemented Interfaces:
AutoCloseable, AuthManager
public class OAuth2Manager extends RefreshingAuthManager

  • Constructor Details

    • OAuth2Manager

      public OAuth2Manager(String managerName)

  • Method Details

    • initSession

      public OAuth2Util.AuthSession initSession(RESTClient initClient, Map<String,String> properties)
      Description copied from interface: AuthManager
      Returns a temporary session to use for contacting the configuration endpoint only. Note that the returned session will be closed after the configuration endpoint is contacted, and should not be cached.

      The provided REST client is a short-lived client; it should only be used to fetch initial credentials, if required, and must be discarded after that.

      This method cannot return null. By default, it returns the catalog session.

    • catalogSession

      public OAuth2Util.AuthSession catalogSession(RESTClient sharedClient, Map<String,String> properties)
      Description copied from interface: AuthManager
      Returns a long-lived session whose lifetime is tied to the owning catalog. This session serves as the parent session for all other sessions (contextual and table-specific). It is closed when the owning catalog is closed.

      The provided REST client is a long-lived, shared client; if required, implementors may store it and reuse it for all subsequent requests to the authorization server, e.g. for renewing or refreshing credentials. It is not necessary to close it when AuthManager.close() is called.

      This method cannot return null.

      It is not required to cache the returned session internally, as the catalog will keep it alive for the lifetime of the catalog.

    • contextualSession

      public OAuth2Util.AuthSession contextualSession(SessionCatalog.SessionContext context, AuthSession parent)
      Description copied from interface: AuthManager
      Returns a session for a specific context.

      If the context requires a specific AuthSession, this method should return a new AuthSession instance, otherwise it should return the parent session.

      This method cannot return null. By default, it returns the parent session.

      Implementors should cache contextual sessions internally, as the catalog will not cache them. Also, the owning catalog never closes contextual sessions; implementations should manage their lifecycle themselves and close them when they are no longer needed.

    • tableSession

      public OAuth2Util.AuthSession tableSession(TableIdentifier table, Map<String,String> properties, AuthSession parent)
      Description copied from interface: AuthManager
      Returns a new session targeting a specific table or view. The properties are the ones returned by the table/view endpoint.

      If the table or view requires a specific AuthSession, this method should return a new AuthSession instance, otherwise it should return the parent session.

      This method cannot return null. By default, it returns the parent session.

      Implementors should cache table sessions internally, as the catalog will not cache them. Also, the owning catalog never closes table sessions; implementations should manage their lifecycle themselves and close them when they are no longer needed.

    • close

      public void close()
      Description copied from interface: AuthManager
      Closes the manager and releases any resources.

      This method is called when the owning catalog is closed.

      Specified by:
      close in interface AuthManager
      Specified by:
      close in interface AutoCloseable
      Overrides:
      close in class RefreshingAuthManager

    • newSessionCache

      protected AuthSessionCache newSessionCache(String managerName, Map<String,String> properties)

    • maybeCreateChildSession

      protected OAuth2Util.AuthSession maybeCreateChildSession(Map<String,String> credentials, Map<String,String> properties, Function<String,String> cacheKeyFunc, OAuth2Util.AuthSession parent)

    • newSessionFromAccessToken

      protected OAuth2Util.AuthSession newSessionFromAccessToken(String token, Map<String,String> properties, OAuth2Util.AuthSession parent)

    • newSessionFromCredential

      protected OAuth2Util.AuthSession newSessionFromCredential(String credential, OAuth2Util.AuthSession parent)

    • newSessionFromTokenExchange

      protected OAuth2Util.AuthSession newSessionFromTokenExchange(String token, String tokenType, OAuth2Util.AuthSession parent)