Implement access-token option

trinodb / trino-python-client

Python client for Trino

Apache License 2.0

309 stars 151 forks source link

Implement access-token option #251

Closed twokindswater closed 1 year ago

twokindswater commented 1 year ago

Describe the feature

trino cli has access-token option to passing token. if access-token set every request has token info.

Describe alternatives you've considered

No response

Are you willing to submit PR?

[ ] Yes I am willing to submit a PR!

hovaesco commented 1 year ago

Do you mean JWT token? It's already supported as JWT authentication. Simply pass access_token like in examples here: https://github.com/trinodb/trino-python-client#jwt-authentication

twokindswater commented 1 year ago

yes i want to add token like JWT.

but i have to add access key, secret key and token in one request header. because aws sts token have to contain that three(acc/sec/token). so request header like bellow key : Athorization value1 : Basic xxxxxx value2: Barear xxxxx

trino-cli also can send request contain 3(acc/sec/token).

TRINO_PASSWORD=secret trino --server https://trino.com --insecure --user acess --password --access-token=token

so can i make request contain that 3? this is my test code and this cant make request which contain acc/sec/token.

def test_my():
    conn = connect(
        host="trino.com",
        port=1234,
        user="user1",
        http_scheme="https",
        verify="/cert/example.crt",
        auth=BasicAuthentication("acc", "sec"),
auth=JWTAuthentication("token")
    )

    cur = conn.cursor()
    cur.execute("SHOW CATALOGS")
    rows = cur.fetchall()

hovaesco commented 1 year ago

In trino-cli you are passing a token like --access-token=token, so in trino-python-client you can just pass your token as auth=JWTAuthentication("token").

twokindswater commented 1 year ago

yes trino-cli can pass token with --access-token=token but i want to pass token and access-key, secret-key too in same request. trino-cli can pass access-key, secret-key and token in same request with bellow command.

TRINO_PASSWORD=secret-key /usr/local/bin/trino --server trino-endpoint --user access-key --password --access-token=token

but trino-python-client can't make request which contain access-key, secret-key and token. because connection can have one authentication BasicAuthentication or JWTAuthentication. so i ask you could i make request which have access-key, secret-key and token.

bellow code is return error because auth key is duplicated.

    conn = connect(
        auth=BasicAuthentication("acc", "sec"),
        auth=JWTAuthentication("token")

hashhar commented 1 year ago

While the CLI allows passing both only of them actually works since all the auth information is passed via the HTTP header Authorization and the order of priority is defined at https://github.com/trinodb/trino/blob/52e4e3eaf267dead0af26757f91790768ba3ef68/client/trino-cli/src/main/java/io/trino/cli/QueryRunner.java#L104-L106, although it's a chain of interceptors the server only looks at the Authorization header that is present in the final request.