Skip to content

feat(go/adbc/driver/flightsql): Add OAuth Support to Flight Client #2651

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 28 commits into from
Apr 17, 2025
Merged

feat(go/adbc/driver/flightsql): Add OAuth Support to Flight Client #2651

Show file tree
Hide file tree
Changes from 23 commits
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
39da2c4
initial attempt. working with token exchange
xborder Mar 20, 2025
c10af80
add oauth support for flight client
xborder Mar 25, 2025
7758432
add oauth tests
xborder Mar 25, 2025
bb8a1f1
add missing configurations to token exchange flow
xborder Mar 25, 2025
10cd341
add missing configurations to client credentials
xborder Mar 25, 2025
775e779
revert changes to example_usage_test
xborder Mar 25, 2025
3f83c43
fix(go/adbc/driver/flightsql): tests linting
xborder Mar 25, 2025
e74fb32
fix(go/adbc/driver/flightsql): reset test suit db instead of server
xborder Mar 25, 2025
823e6b8
chore(go/adbc/driver/flightsql): refactor set auth header to a function
xborder Apr 7, 2025
a0ad006
chore(go/adbc/driver/flightsql): refactor flightsql_oauth implementation
xborder Apr 7, 2025
737e207
chore(go/adbc/driver/flightsql): small fixes
xborder Apr 7, 2025
9ff438c
chore(go/adbc/driver/flightsql): moved token to flightsq configuration
xborder Apr 7, 2025
f8ce583
chore(go/adbc/driver/flightsql): fix token key
xborder Apr 7, 2025
78fc5fc
chore(go/adbc/driver/flightsql): simplify setting token in SetOptions
xborder Apr 7, 2025
b1f4a4d
fix(go/adbc/driver/flightsql): throw error if triggering oauth but to…
xborder Apr 7, 2025
1fc80e7
test(go/adbc/driver/flightsql): test to fail oauth if token is set
xborder Apr 7, 2025
39693e2
chore(go/adbc): remove token as universal option
xborder Apr 8, 2025
2a84059
chore(go/adbc/driver/flightsql): replace oauth impl
xborder Apr 8, 2025
a2b2fe3
test(go/adbc/driver/flightsql): adapt OAuth tests with tls
xborder Apr 8, 2025
bded2f0
chore(go/adbc/driver/flightsql): replace TokenSource with PerRPCCrede…
xborder Apr 9, 2025
76fc327
chore(go/adbc/driver/flightsql): remove atoi
xborder Apr 9, 2025
4d763b9
docs(source/driver): document oauth options
xborder Apr 11, 2025
ee56375
chore(go/adbc/driver/flightsql): simplification
xborder Apr 11, 2025
e7dc917
chore(go/adbc/driver/flightsql): code improvements
xborder Apr 14, 2025
64b8143
fix(go/adbc/driver/flightsql): fix expected message
xborder Apr 14, 2025
9e98498
docs(docs/source/driver): typo
xborder Apr 16, 2025
9a665d0
docs(docs/source/driver): remove go only from docs
xborder Apr 17, 2025
c94f2ee
fix(go/adbc/driver/flightsql): small nits
xborder Apr 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
65 changes: 64 additions & 1 deletion docs/source/driver/flight_sql.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -159,6 +159,12 @@ few optional authentication schemes:
header will then be sent back as the ``authorization`` header on all
future requests.

- (Go only) OAuth 2.0 authentication flows.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

isn't it not Go only? Anything that uses the flightsql driver should be able to use the options that are being added. (We should add constants to the python adbc_driver_flightsql package)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it make sense to create a separate PR for this?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It makes sense to make a separate PR to add the option constants, but I would still say that the "Go only" should be removed as nothing would prevent any other binding from using these options.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done.#2714


The client provides :ref:`configurations <oauth-configurations>` to allow client application to obtain access
tokens from an authorization server. The obtained token is then used
on the ``authorization`` header on all future requests.

Bulk Ingestion
--------------

Expand Down Expand Up @@ -246,10 +252,67 @@ to :c:struct:`AdbcDatabase`, :c:struct:`AdbcConnection`, and
Add the header ``<HEADER NAME>`` to outgoing requests with the given
value.

Python: :attr:`adbc_driver_flightsql.ConnectionOptions.RPC_CALL_HEADER_PREFIX`
Python: :attr:`adbc_driver_flightsql.ConnectionOptions.RPC_CALL_HEADER_PREFIX`

.. warning:: Header names must be in all lowercase.


OAuth 2.0 Options
-----------------------
.. _oauth-configurations:

Supported configurations to obtainstokens using OAuth 2.0 authentication flows.

``adbc.flight.sql.oauth.flow``
Specifies the OAuth 2.0 flow type to use. Possible values: ``client_credentials``, ``token_exchange``

``adbc.flight.sql.oauth.client_id``
Unique identifier issued to the client application by the authorization server

``adbc.flight.sql.oauth.client_secret``
Secret associated to the client_id. Used to authenticate the client application to the authorization server

``adbc.flight.sql.oauth.token_uri``
The endpoint URL where the client application requests tokens from the authorization server

``adbc.flight.sql.oauth.scope``
Space-separated list of permissions that the client is requesting access to (e.g ``"read.all offline_access"``)

``adbc.flight.sql.oauth.exchange.subject_token``
The security token that the client application wants to exchange

``adbc.flight.sql.oauth.exchange.subject_token_type``
Identifier for the type of the subject token.
Check list below for supported token types.

``adbc.flight.sql.oauth.exchange.actor_token``
A security token that represents the identity of the acting party

``adbc.flight.sql.oauth.exchange.actor_token_type``
Identifier for the type of the actor token.
Check list below for supported token types.
``adbc.flight.sql.oauth.exchange.aud``
The intended audience for the requested security token

``adbc.flight.sql.oauth.exchange.resource``
The resource server where the client intends to use the requested security token

``adbc.flight.sql.oauth.exchange.scope``
Specific permissions requested for the new token

``adbc.flight.sql.oauth.exchange.requested_token_type``
The type of token the client wants to receive in exchange.
Check list below for supported token types.


Supported token types:
- ``urn:ietf:params:oauth:token-type:access_token``
- ``urn:ietf:params:oauth:token-type:refresh_token``
- ``urn:ietf:params:oauth:token-type:id_token``
- ``urn:ietf:params:oauth:token-type:saml1``
- ``urn:ietf:params:oauth:token-type:saml2``
- ``urn:ietf:params:oauth:token-type:jwt``

Distributed Result Sets
-----------------------

Expand Down
Loading
Loading