Open TennyZhuang opened 3 months ago
2. Call every methods with a retry wrapper. When meeting an unauthorized error, refetch the token and retry the method.
Our rest catalog client now has a authenticate
function.
We can perform the expiration logic here.
I also prefer 2. The iceberg community may deprecate current auth approach in future, and introduce true oauth client in future. I prefer to have a simpler solution without introducing too much extra dependency.
(expired_at, token)
pair in an async Mutex
, and check whether it's close to expiration when needed. If it's close to expiration, lock the mutex, update the pair, and unlock. Then only one request will update the token.3. Store
(expired_at, token)
pair in an asyncMutex
, and check whether it's close to expiration when needed. If it's close to expiration, lock the mutex, update the pair, and unlock. Then only one request will update the token.
Great!
- Store
(expired_at, token)
pair in an asyncMutex
, and check whether it's close to expiration when needed. If it's close to expiration, lock the mutex, update the pair, and unlock. Then only one request will update the token.
Sounds reasonable to me.
Then we need https://docs.rs/tokio/latest/tokio/sync/struct.RwLock.html, still depends on tokio :(
This is rust
Then we need https://docs.rs/tokio/latest/tokio/sync/struct.RwLock.html, still depends on tokio :(
This is rust
How about futures Mutex?
The current implementation utilizes std::sync::Mutex
with a precisely controlled locking scope.
The worst thing that could happen here is that we might send multiple token refresh requests, which I think is fine for a catalog.
It's acceptable, but not as expected. When a client request a token, the server may expect it will be used for several hours.
Background: #301
The token fetched from the token server may have a TTL, see
TokenResponse::expires_in
. In most implementations, the value is about several hours. Our catalog client is a long-lived object, which means that we should handle the token expiration event.There are two ways:
expires_in * 0.9
seconds, and refetch the token when triggered.