iceberg-python icon indicating copy to clipboard operation
iceberg-python copied to clipboard
verified publisher icon apache

No OAuth2 authorization token was provided when obtaining the signature.

Open ChangxingJiang opened this issue 1 month ago • 0 comments

Apache Iceberg version

0.10.0 (latest release)

Please describe the bug 🐞

Problem

When LakeKeeper enables OAuth2 authentication, an error occurs in PyIceberg's s3v4_rest_signer function because no token is passed in. The error message is as follows:

requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: http://localhost:8181/catalog/v1/signer/1b6a661c-c045-11f0-a5d1-c7f4c19a9f11/tabular-id/019a7bf0-6022-77a3-a1ca-e466b94a019a/v1/aws/s3/sign

I Find it because "token" is not in the properties in the S3V4RestSigner:

https://github.com/apache/iceberg-python/blob/main/pyiceberg/io/fsspec.py

Expect

It tokens to request the signer.

Reproduce

  • Use LakeKeeper as REST catalog
  • Use KeyCloak to OAuth2
catalog = load_catalog(
    type="rest",
    uri="http://localhost:8181/catalog",
    warehouse="iceberg",
    credential=f"{CLIENT_ID}:{CLIENT_SECRET}",
    scope="lakekeeper",
    **{
        "oauth2-server-uri": "http://172.20.*.*:*/realms/master/protocol/openid-connect/token"
    }
)

Willingness to contribute

  • [ ] I can contribute a fix for this bug independently
  • [x] I would be willing to contribute a fix for this bug with guidance from the Iceberg community
  • [ ] I cannot contribute a fix for this bug at this time

ChangxingJiang avatar Nov 16 '25 00:11 ChangxingJiang