diff --git a/service/common/src/main/java/org/apache/polaris/service/auth/DefaultOAuth2ApiService.java b/service/common/src/main/java/org/apache/polaris/service/auth/DefaultOAuth2ApiService.java
index fb2fb5750c..22aa301a3f 100644
--- a/service/common/src/main/java/org/apache/polaris/service/auth/DefaultOAuth2ApiService.java
+++ b/service/common/src/main/java/org/apache/polaris/service/auth/DefaultOAuth2ApiService.java
@@ -110,7 +110,12 @@ public Response getToken(
 } else if (subjectToken != null) {
 tokenResponse =
 tokenBroker.generateFromToken(
- subjectTokenType, subjectToken, grantType, scope, requestedTokenType);
+ subjectTokenType,
+ subjectToken,
+ grantType,
+ scope,
+ callContext.getPolarisCallContext(),
+ requestedTokenType);
 } else {
 return OAuthUtils.getResponseFromError(OAuthTokenErrorResponse.Error.invalid_request);
 }
diff --git a/service/common/src/main/java/org/apache/polaris/service/auth/JWTBroker.java b/service/common/src/main/java/org/apache/polaris/service/auth/JWTBroker.java
index c0ce0b471c..48d5735a10 100644
--- a/service/common/src/main/java/org/apache/polaris/service/auth/JWTBroker.java
+++ b/service/common/src/main/java/org/apache/polaris/service/auth/JWTBroker.java
@@ -31,7 +31,6 @@
 import org.apache.commons.lang3.StringUtils;
 import org.apache.iceberg.exceptions.NotAuthorizedException;
 import org.apache.polaris.core.PolarisCallContext;
-import org.apache.polaris.core.context.CallContext;
 import org.apache.polaris.core.entity.PolarisEntityType;
 import org.apache.polaris.core.entity.PrincipalEntity;
 import org.apache.polaris.core.persistence.PolarisMetaStoreManager;
@@ -101,6 +100,7 @@ public TokenResponse generateFromToken(
 String subjectToken,
 String grantType,
 String scope,
+ PolarisCallContext polarisCallContext,
 TokenType requestedTokenType) {
 if (requestedTokenType != null && !TokenType.ACCESS_TOKEN.equals(requestedTokenType)) {
 return new TokenResponse(OAuthTokenErrorResponse.Error.invalid_request);
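Review bot: The new `polarisCallContext` parameter of `JWTBroker.generateFromToken` is used without a null check, and the next hunk (`@@ -119,7 +119,7 @@`) passes it straight into `metaStoreManager.loadEntity` for the principal lookup. Before this change the context was read from `CallContext.getCurrentContext()` inside the method; now every caller has to supply it, so a caller that passes null would only fail somewhere inside the metastore call, in the middle of a token exchange. I would make the precondition explicit as the first statement of the method with `Objects.requireNonNull(polarisCallContext, "polarisCallContext");`; `Objects` is already used in this method. The method body starts and ends outside both hunks, so what happens between the parameter list and the lookup is not visible here.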
@@ -119,7 +119,7 @@ public TokenResponse generateFromToken(
 }
 EntityResult principalLookup =
 metaStoreManager.loadEntity(
- CallContext.getCurrentContext().getPolarisCallContext(),
+ polarisCallContext,
 0L,
 Objects.requireNonNull(decodedToken.getPrincipalId()),
 PolarisEntityType.PRINCIPAL);
diff --git a/service/common/src/main/java/org/apache/polaris/service/auth/NoneTokenBrokerFactory.java b/service/common/src/main/java/org/apache/polaris/service/auth/NoneTokenBrokerFactory.java
index a352159372..5744cef2e9 100644
--- a/service/common/src/main/java/org/apache/polaris/service/auth/NoneTokenBrokerFactory.java
+++ b/service/common/src/main/java/org/apache/polaris/service/auth/NoneTokenBrokerFactory.java
@@ -58,6 +58,7 @@ public TokenResponse generateFromToken(
 String subjectToken,
 String grantType,
 String scope,
+ PolarisCallContext polarisCallContext,
 TokenType requestedTokenType) {
 return null;
 }
diff --git a/service/common/src/main/java/org/apache/polaris/service/auth/TokenBroker.java b/service/common/src/main/java/org/apache/polaris/service/auth/TokenBroker.java
index b5d242070a..010490dc0e 100644
--- a/service/common/src/main/java/org/apache/polaris/service/auth/TokenBroker.java
+++ b/service/common/src/main/java/org/apache/polaris/service/auth/TokenBroker.java
@@ -35,35 +35,9 @@ public interface TokenBroker {
 boolean supportsRequestedTokenType(TokenType tokenType);
- /**
- * Generate a token from client secrets without specifying the requested token type
- *
- * @param clientId
- * @param clientSecret
- * @param grantType
- * @param scope
- * @return the response indicating an error or the requested token
- * @deprecated - use the method with the requested token type
- */
- @Deprecated
- default TokenResponse generateFromClientSecrets(
- final String clientId,
- final String clientSecret,
- final String grantType,
- final String scope,
- PolarisCallContext polarisCallContext) {
- return generateFromClientSecrets(
- clientId, clientSecret, grantType, scope, polarisCallContext, TokenType.ACCESS_TOKEN);
- }
-
 /**
 * Generate a token from client secrets
 *
- * @param clientId
- * @param clientSecret
- * @param grantType
- * @param scope
- * @param requestedTokenType
 * @return the response indicating an error or the requested token
 */
 TokenResponse generateFromClientSecrets(
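Review bot: The Javadoc kept for `generateFromClientSecrets` now documents no parameters at all, because the empty `@param` tags are deleted rather than filled in. The same happens to `generateFromToken` in the next hunk, and the last hunk of this file adds a `polarisCallContext` argument that is not described anywhere. Since `TokenBroker` is the contract other brokers implement, I would document at least the two arguments that carry meaning for authentication. For example, `@param polarisCallContext call context of the current request; JWTBroker uses it for the principal lookup, must not be null`, and `@param requestedTokenType type of token to issue; JWTBroker answers invalid_request for anything other than ACCESS_TOKEN`. The parameter lists of both methods continue outside these hunks.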
@@ -74,32 +48,9 @@ TokenResponse generateFromClientSecrets(
 PolarisCallContext polarisCallContext,
 TokenType requestedTokenType);
- /**
- * Generate a token from an existing token of a specified type without specifying the requested
- * token type
- *
- * @param subjectTokenType
- * @param subjectToken
- * @param grantType
- * @param scope
- * @return the response indicating an error or the requested token
- * @deprecated - use the method with the requested token type
- */
- @Deprecated
- default TokenResponse generateFromToken(
- TokenType subjectTokenType, String subjectToken, final String grantType, final String scope) {
- return generateFromToken(
- subjectTokenType, subjectToken, grantType, scope, TokenType.ACCESS_TOKEN);
- }
-
 /**
 * Generate a token from an existing token of a specified type
 *
- * @param subjectTokenType
- * @param subjectToken
- * @param grantType
- * @param scope
- * @param requestedTokenType
 * @return the response indicating an error or the requested token
 */
 TokenResponse generateFromToken(
@@ -107,6 +58,7 @@ TokenResponse generateFromToken(
 String subjectToken,
 final String grantType,
 final String scope,
+ PolarisCallContext polarisCallContext,
 TokenType requestedTokenType);
 DecodedToken verify(String token);