Package org.apache.iceberg.rest.auth

Class OAuth2Properties

java.lang.Object

org.apache.iceberg.rest.auth.OAuth2Properties

public class OAuth2Properties
extends Object

Field Summary

Fields

Modifier and Type	Field	Description
static final String	ACCESS_TOKEN_TYPE
static final String	AUDIENCE	Optional param audience for OAuth2.
static final String	CATALOG_SCOPE	Scope for OAuth2 flows.
static final String	CREDENTIAL	A credential to exchange for a token in the OAuth2 client credentials flow.
static final String	ID_TOKEN_TYPE
static final String	INVALID_CLIENT_ERROR
static final String	INVALID_GRANT_ERROR
static final String	INVALID_REQUEST_ERROR
static final String	INVALID_SCOPE_ERROR
static final String	JWT_TOKEN_TYPE
static final String	OAUTH2_SERVER_URI	Token endpoint URI to fetch token from if the Rest Catalog is not the authorization server.
static final String	REFRESH_TOKEN_TYPE
static final String	RESOURCE	Optional param resource for OAuth2.
static final String	SAML1_TOKEN_TYPE
static final String	SAML2_TOKEN_TYPE
static final String	SCOPE	Additional scope for OAuth2.
static final String	TOKEN	A Bearer token which will be used for interaction with the server.
static final String	TOKEN_EXCHANGE_ENABLED	Some IDPs do not support token exchange which is the first approach used for acquiring a new token.
static final boolean	TOKEN_EXCHANGE_ENABLED_DEFAULT
static final String	TOKEN_EXPIRES_IN_MS	Interval in milliseconds to wait before attempting to exchange the configured catalog Bearer token.
static final long	TOKEN_EXPIRES_IN_MS_DEFAULT
static final String	TOKEN_REFRESH_ENABLED	Controls whether a token should be refreshed if information about its expiration time is available
static final boolean	TOKEN_REFRESH_ENABLED_DEFAULT
static final String	UNAUTHORIZED_CLIENT_ERROR
static final String	UNSUPPORTED_GRANT_TYPE_ERROR

Method Summary

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

TOKEN

public static final String TOKEN

A Bearer token which will be used for interaction with the server.

See Also:

• Constant Field Values

CREDENTIAL

public static final String CREDENTIAL

A credential to exchange for a token in the OAuth2 client credentials flow.

See Also:

• Constant Field Values

OAUTH2_SERVER_URI

public static final String OAUTH2_SERVER_URI

Token endpoint URI to fetch token from if the Rest Catalog is not the authorization server.

See Also:

• Constant Field Values

TOKEN_EXPIRES_IN_MS

public static final String TOKEN_EXPIRES_IN_MS

Interval in milliseconds to wait before attempting to exchange the configured catalog Bearer token. By default, token exchange will be attempted after 1 hour.

See Also:

• Constant Field Values

TOKEN_EXPIRES_IN_MS_DEFAULT

public static final long TOKEN_EXPIRES_IN_MS_DEFAULT

See Also:

• Constant Field Values

TOKEN_REFRESH_ENABLED

public static final String TOKEN_REFRESH_ENABLED

Controls whether a token should be refreshed if information about its expiration time is available

See Also:

• Constant Field Values

TOKEN_REFRESH_ENABLED_DEFAULT

public static final boolean TOKEN_REFRESH_ENABLED_DEFAULT

See Also:

• Constant Field Values

TOKEN_EXCHANGE_ENABLED

public static final String TOKEN_EXCHANGE_ENABLED

Some IDPs do not support token exchange which is the first approach used for acquiring a new token. Disabling this will allow fallback to the client credential flow without initiating a token exchange flow.

See Also:

• Constant Field Values

TOKEN_EXCHANGE_ENABLED_DEFAULT

public static final boolean TOKEN_EXCHANGE_ENABLED_DEFAULT

See Also:

• Constant Field Values

SCOPE

public static final String SCOPE

Additional scope for OAuth2.

See Also:

• Constant Field Values

AUDIENCE

public static final String AUDIENCE

Optional param audience for OAuth2.

See Also:

• Constant Field Values

RESOURCE

public static final String RESOURCE

Optional param resource for OAuth2.

See Also:

• Constant Field Values

CATALOG_SCOPE

public static final String CATALOG_SCOPE

Scope for OAuth2 flows.

See Also:

• Constant Field Values

ACCESS_TOKEN_TYPE

public static final String ACCESS_TOKEN_TYPE

See Also:

• Constant Field Values

REFRESH_TOKEN_TYPE

public static final String REFRESH_TOKEN_TYPE

See Also:

• Constant Field Values

ID_TOKEN_TYPE

public static final String ID_TOKEN_TYPE

See Also:

• Constant Field Values

SAML1_TOKEN_TYPE

public static final String SAML1_TOKEN_TYPE

See Also:

• Constant Field Values

SAML2_TOKEN_TYPE

public static final String SAML2_TOKEN_TYPE

See Also:

• Constant Field Values

JWT_TOKEN_TYPE

public static final String JWT_TOKEN_TYPE

See Also:

• Constant Field Values

INVALID_REQUEST_ERROR

public static final String INVALID_REQUEST_ERROR

See Also:

• Constant Field Values

INVALID_CLIENT_ERROR

public static final String INVALID_CLIENT_ERROR

See Also:

• Constant Field Values

INVALID_GRANT_ERROR

public static final String INVALID_GRANT_ERROR

See Also:

• Constant Field Values

UNAUTHORIZED_CLIENT_ERROR

public static final String UNAUTHORIZED_CLIENT_ERROR

See Also:

• Constant Field Values

UNSUPPORTED_GRANT_TYPE_ERROR

public static final String UNSUPPORTED_GRANT_TYPE_ERROR

See Also:

• Constant Field Values

INVALID_SCOPE_ERROR

public static final String INVALID_SCOPE_ERROR

See Also:

• Constant Field Values