Support OAuth2 client credentials flow

Open creckord opened this issue 2 years ago • 1 comments

We use Keycloak as our authentication platform and would like to use OAuth2 to run Trino queries from other automated processes where there is no authenticated user session.

This is typically handled using the client credentials flow, but it seems that this is not yet supported by the Trino OAuth provider config:

Trino uses the Authorization Code flow which exchanges an Authorization Code for a token.

Any chance to add this?

A possible workaround would be to use JWT authentication and get the token from Keycloak ourselves beforehand (we are not allowed to use password auth with a static Trino password db). The downside to this is that tokens have a limited - and in our case rather short - lifetime, and we would have to handle token refresh in between queries ourselves, whereas support in the Trino OAuth connector could handle that internally, like it already does for the authorization code flow.

creckord, Jan 25 '23 09:01
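A sketch of the workaround described in the post above: fetch a token with the client credentials grant and refresh it between queries. This is an added example, not code from the issue or from Trino. The token endpoint URL, client id and secret are supplied by the caller, and the names `fetch_client_credentials_token` and `CachedToken` are hypothetical.

```python
import json
import time
import urllib.parse
import urllib.request


def fetch_client_credentials_token(token_url, client_id, client_secret):
    """POST grant_type=client_credentials to the IdP token endpoint (RFC 6749, 4.4)."""
    if not token_url.lower().startswith("https://"):
        raise ValueError("refusing to send the client secret over a non-TLS URL")
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    req = urllib.request.Request(token_url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class CachedToken:
    """Reuse the access token between queries; refetch shortly before it expires."""

    def __init__(self, fetch, skew=30, clock=time.monotonic):
        self._fetch = fetch      # callable returning the token endpoint's JSON
        self._skew = skew        # seconds of safety margin before expiry
        self._clock = clock      # injectable so expiry handling can be tested
        self._token = None
        self._expires_at = 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._skew:
            resp = self._fetch()
            if resp.get("token_type", "").lower() != "bearer" or "access_token" not in resp:
                raise ValueError("token endpoint did not return a bearer access token")
            self._token = resp["access_token"]
            # expires_in is optional in RFC 6749; a missing value is treated as stale
            self._expires_at = now + float(resp.get("expires_in", 0))
        return self._token

    def auth_header(self):
        # With JWT authentication the token travels as a bearer Authorization header
        return {"Authorization": "Bearer " + self.get()}
```

Call `auth_header()` before each query rather than once per process, so a short-lived token is replaced without the caller tracking expiry.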

I want this feature too. I can implement it if someone has some design ideas?

vincentye38, May 09 '24 17:05