OAuth2 Client Credentials Flow¶
Bases: IcebergRESTCatalogAuth, FrozenModel
OAuth2 Client Credentials Flow authentication for Iceberg REST Catalog.
While creating new REST catalog session, new access token is fetched via OAuth2 server HTTP endpoint
with grant_type=client_credentials <https://www.oauth.com/oauth2-servers/access-tokens/client-credentials/>_.
After that, all requests to REST catalog are made with a HTTP header Authorization: Bearer {access_token}.
.. versionadded:: 0.15.0
Parameters:
-
client_secret(str) –OAuth2 client secret.
-
client_id(str) –OAuth2 client ID. In most OAuth2 server implementations it is
mandatory <https://www.oauth.com/oauth2-servers/client-registration/client-id-secret/>_. -
token_refresh_interval(timedelta) –Interval for
automatic token refresh <https://www.oauth.com/oauth2-servers/access-tokens/refreshing-access-tokens/>_. Default: 1 hour. Set toNoneto disable automatic refresh. -
oauth2_token_endpoint(str) –OAuth2 endpoint for fetching tokens. If not provided, uses the REST catalog's
v1/oauth/tokensendpoint. -
scopes(List[str], default:[]) –OAuth2 scopes <https://www.oauth.com/oauth2-servers/scope/>_ to request. -
audience(str) –OAuth2
audienceparam. -
resource(str) –OAuth2
resourceparam.
Examples:
.. tabs::
.. code-tab:: python OAuth2
from onetl.connection import Iceberg
auth = Iceberg.RESTCatalog.OAuth2ClientCredentials(
client_id="my_client_id",
client_secret="my_client_secret",
)
.. code-tab:: python OAuth2 with optional fields
from datetime import timedelta
from onetl.connection import Iceberg
auth = Iceberg.RESTCatalog.OAuth2ClientCredentials(
client_id="my_client_id",
client_secret="my_client_secret",
scopes=["catalog:read"],
oauth2_token_endpoint="http://keycloak.domain.com/realms/my-realm/protocol/openid-connect/token",
token_refresh_interval=timedelta(minutes=30),
audience="iceberg-catalog",
)
get_config()
¶
Return REST catalog auth configuration.