-
Notifications
You must be signed in to change notification settings - Fork 170
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Apply new logic for parsing WWW-Authenticate header #467
Conversation
88282f9
to
01b937c
Compare
trino/auth.py
Outdated
key = comps[0].strip(' "') | ||
value = comps[1].strip(' "') | ||
if key: | ||
auth_info_headers[key.lower()] = value |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the dict would overwrite if same key is present (e.g. if there are multiple Bearer realm
entries or multiple Bearer x_redirect_server
).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think it's possible that www-authenticate would have duplicate keys, based on https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The entire challenge cannot be a duplicate I think but here the key
is the part split on =
.
So the example at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate#digest_authentication_with_sha-256_and_md5 has two challenges for which key = 'Digest realm'
.
(Sorry I'm AFK and did not test the static method against that example 🙏).
01b937c
to
ca7ad24
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good % question about duplicate keys
ca7ad24
to
63ffa53
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
works for our use-case where we just want x_redirect_server
and x_token_server
value. Sadly Python is not enterprise enough to have good quality libraries for HTTP 401 handling.
Description
Resolves #444
Non-technical explanation
Release notes
( ) This is not user-visible or docs only and no release notes are required.
( ) Release notes are required, please propose a release note for me.
( ) Release notes are required, with the following suggested text: