trino-python-client icon indicating copy to clipboard operation
trino-python-client copied to clipboard

Published 20 hours ago verified publisher icon trinodb

Implement access-token option

Open twokindswater opened this issue 2 years ago • 3 comments

Describe the feature

trino cli has access-token option to passing token. if access-token set every request has token info.

Describe alternatives you've considered

No response

Are you willing to submit PR?

  • [ ] Yes I am willing to submit a PR!

twokindswater avatar Oct 07 '22 01:10 twokindswater

Do you mean JWT token? It's already supported as JWT authentication. Simply pass access_token like in examples here: https://github.com/trinodb/trino-python-client#jwt-authentication

hovaesco avatar Oct 10 '22 09:10 hovaesco

yes i want to add token like JWT.

but i have to add access key, secret key and token in one request header. because aws sts token have to contain that three(acc/sec/token). so request header like bellow key : Athorization value1 : Basic xxxxxx value2: Barear xxxxx

trino-cli also can send request contain 3(acc/sec/token).

TRINO_PASSWORD=secret trino --server https://trino.com --insecure --user acess --password --access-token=token

so can i make request contain that 3? this is my test code and this cant make request which contain acc/sec/token.

def test_my():
    conn = connect(
        host="trino.com",
        port=1234,
        user="user1",
        http_scheme="https",
        verify="/cert/example.crt",
        auth=BasicAuthentication("acc", "sec"),
auth=JWTAuthentication("token")
    )

    cur = conn.cursor()
    cur.execute("SHOW CATALOGS")
    rows = cur.fetchall()

twokindswater avatar Oct 14 '22 04:10 twokindswater

In trino-cli you are passing a token like --access-token=token, so in trino-python-client you can just pass your token as auth=JWTAuthentication("token").

hovaesco avatar Oct 14 '22 12:10 hovaesco

yes trino-cli can pass token with --access-token=token but i want to pass token and access-key, secret-key too in same request. trino-cli can pass access-key, secret-key and token in same request with bellow command.

TRINO_PASSWORD=secret-key /usr/local/bin/trino --server trino-endpoint --user access-key --password --access-token=token

but trino-python-client can't make request which contain access-key, secret-key and token. because connection can have one authentication BasicAuthentication or JWTAuthentication. so i ask you could i make request which have access-key, secret-key and token.

bellow code is return error because auth key is duplicated.

    conn = connect(
        auth=BasicAuthentication("acc", "sec"),
		auth=JWTAuthentication("token")

twokindswater avatar Oct 17 '22 01:10 twokindswater

While the CLI allows passing both only of them actually works since all the auth information is passed via the HTTP header Authorization and the order of priority is defined at https://github.com/trinodb/trino/blob/52e4e3eaf267dead0af26757f91790768ba3ef68/client/trino-cli/src/main/java/io/trino/cli/QueryRunner.java#L104-L106, although it's a chain of interceptors the server only looks at the Authorization header that is present in the final request.

hashhar avatar Mar 30 '23 07:03 hashhar