From 49afa410b57900867b849b53c2f66187d05f61c2 Mon Sep 17 00:00:00 2001
From: Romain Manni-Bucau <rmannibucau@gmail.com>
Date: Mon, 19 Jan 2026 23:21:09 +0100
Subject: [PATCH] merge

---
 CHANGELOG.md                                   |  1 +
 .../service/admin/PolarisServiceImpl.java      | 18 ------------------
 2 files changed, 1 insertion(+), 18 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 93e51deab4..ae22408814 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -66,6 +66,7 @@ request adding CHANGELOG notes for breaking (!) changes and possibly other secti
 - Added `hierarchical` flag to `AzureStorageConfigInfo` to allow more precise SAS token down-scoping in ADLS when
   the [hierarchical namespace](https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-namespace)
   feature is enabled in Azure.
+- Relaxed `client_id`, `client_secret` regex/pattern validation on reset endpoint call
 
 ### Changes
 
diff --git a/runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisServiceImpl.java b/runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisServiceImpl.java
index eebd3aa161..ce94470b62 100644
--- a/runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisServiceImpl.java
+++ b/runtime/service/src/main/java/org/apache/polaris/service/admin/PolarisServiceImpl.java
@@ -136,18 +136,6 @@ public Response createCatalog(
     return Response.status(Response.Status.CREATED).entity(newCatalog).build();
   }
 
-  private void validateClientId(String clientId) {
-    if (!clientId.matches("^[0-9a-f]{16}$")) {
-      throw new IllegalArgumentException("Invalid clientId format");
-    }
-  }
-
-  private void validateClientSecret(String clientSecret) {
-    if (!clientSecret.matches("^[0-9a-f]{32}$")) {
-      throw new IllegalArgumentException("Invalid clientSecret format");
-    }
-  }
-
   private void validateStorageConfig(StorageConfigInfo storageConfigInfo) {
     List<String> allowedStorageTypes =
         realmConfig.getConfig(FeatureConfiguration.SUPPORTED_CATALOG_STORAGE_TYPES);
@@ -304,12 +292,6 @@ public Response resetCredentials(
             ? resetPrincipalRequest
             : new ResetPrincipalRequest(null, null);
 
-    if (safeResetPrincipalRequest.getClientId() != null) {
-      validateClientId(safeResetPrincipalRequest.getClientId());
-    }
-    if (safeResetPrincipalRequest.getClientSecret() != null) {
-      validateClientSecret(safeResetPrincipalRequest.getClientSecret());
-    }
     return Response.ok(adminService.resetCredentials(principalName, safeResetPrincipalRequest))
         .build();
   }