
OAuth2 Client Credentials Flow

Bases: IcebergRESTCatalogAuth, FrozenModel

OAuth2 Client Credentials Flow authentication for Iceberg REST Catalog.

When a new REST catalog session is created, a new access token is fetched from the OAuth2 server's HTTP endpoint with grant_type=client_credentials.

After that, all requests to the REST catalog are made with an HTTP header Authorization: Bearer {access_token}.

Added in 0.15.0

Parameters:

  • client_secret (str) –

    OAuth2 client secret.

  • client_id (str) –

    OAuth2 client ID. In most OAuth2 server implementations it is mandatory.

  • token_refresh_interval (timedelta) –

    Interval for automatic token refresh. Default: 1 hour. Set to None to disable automatic refresh.

  • oauth2_token_endpoint (str) –

    OAuth2 endpoint for fetching tokens. If not provided, uses the REST catalog's v1/oauth/tokens endpoint.

  • scopes (List[str], default: []) –

    OAuth2 scopes to request.

  • audience (str) –

    OAuth2 audience param.

  • resource (str) –

    OAuth2 resource param.

Examples:

# Minimal configuration: the token is requested from
# the REST catalog's v1/oauth/tokens endpoint
from onetl.connection import Iceberg

auth = Iceberg.RESTCatalog.OAuth2ClientCredentials(
    client_id="my_client_id",
    client_secret="my_client_secret",
)

# External OAuth2 server with explicit scopes, audience
# and a 30-minute token refresh interval
from datetime import timedelta
from onetl.connection import Iceberg

auth = Iceberg.RESTCatalog.OAuth2ClientCredentials(
    client_id="my_client_id",
    client_secret="my_client_secret",
    scopes=["catalog:read"],
    oauth2_token_endpoint="http://keycloak.domain.com/realms/my-realm/protocol/openid-connect/token",
    token_refresh_interval=timedelta(minutes=30),
    audience="iceberg-catalog",
)
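
The token exchange described at the top of this page, written out as an added example (not onETL's own code): it builds the grant_type=client_credentials request from the parameters listed above and turns the token response into the Authorization header. Sending the client credentials in the form body, the https-only policy, the lifetime check against token_refresh_interval, and all function names and sample values are assumptions of this example.

```python
from datetime import timedelta
from urllib.parse import urlencode, urlsplit


def build_token_request(endpoint, client_id, client_secret,
                        scopes=(), audience=None, resource=None):
    """Return (url, headers, body) for an RFC 6749 section 4.4 token request."""
    # The client secret travels in this request, so this example requires TLS.
    if urlsplit(endpoint).scheme != "https":
        raise ValueError("token endpoint must use https://")
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }
    if scopes:
        form["scope"] = " ".join(scopes)  # space-delimited per RFC 6749
    if audience:
        form["audience"] = audience
    if resource:
        form["resource"] = resource  # RFC 8707 resource indicator
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return endpoint, headers, urlencode(form)


def session_headers(token_response, refresh_interval):
    """Validate a token response and return the header for catalog requests."""
    if str(token_response.get("token_type", "")).lower() != "bearer":
        raise ValueError("unsupported token_type")
    expires_in = token_response.get("expires_in")
    # If the token expires before the next scheduled refresh, catalog
    # requests sent in that gap carry an expired token.
    if (refresh_interval is not None and expires_in is not None
            and refresh_interval >= timedelta(seconds=expires_in)):
        raise ValueError("token_refresh_interval is not shorter than token lifetime")
    return {"Authorization": f"Bearer {token_response['access_token']}"}


# Constructed sample response, not output from a real OAuth2 server.
SAMPLE_RESPONSE = {"access_token": "constructed-token",
                   "token_type": "Bearer", "expires_in": 3600}
```

With the constructed response above, a 30-minute refresh interval passes the lifetime check, while the 1-hour default would be rejected because it equals the token lifetime.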

get_config()

Return REST catalog auth configuration.