bharos commented on code in PR #8048: URL: https://github.com/apache/gravitino/pull/8048#discussion_r2273968482
##########
docs/security/how-to-authenticate.md:
##########
@@ -111,6 +115,13 @@ GravitinoClient client = GravitinoClient.builder(uri)
| `gravitino.authenticator.oauth.signAlgorithmType` | The signature algorithm
when Gravitino uses OAuth as the authenticator.
| `RS256`
| No | 0.3.0 |
| `gravitino.authenticator.oauth.serverUri` | The URI of the default
OAuth server.
| (none)
| Yes if use `oauth` as the authenticator | 0.3.0 |
| `gravitino.authenticator.oauth.tokenPath` | The path for token of
the default OAuth server.
| (none)
| Yes if use `oauth` as the authenticator | 0.3.0 |
+| `gravitino.authenticator.oauth.provider` | OAuth provider type
(default, oidc). Determines the Web UI authentication flow. Use 'oidc' for Web
UI OIDC login, 'default' for legacy login or API-only authentication.
| `default` | No
| 1.0.0 |
+| `gravitino.authenticator.oauth.clientId` | OAuth client ID for Web
UI authentication.
| (none) | No
| 1.0.0 |
+| `gravitino.authenticator.oauth.authority` | OAuth authority/issuer
URL for OIDC providers for web UI authentication. (e.g., Azure AD tenant URL).
| (none) | No
| 1.0.0 |
+| `gravitino.authenticator.oauth.scope` | OAuth scopes for Web UI
authentication (space-separated).
| (none) | No
| 1.0.0 |
+| `gravitino.authenticator.oauth.jwksUri` | JWKS URI for
server-side OAuth token validation. Required when using JWKS-based validation.
|
(none) | No | 1.0.0
|
+| `gravitino.authenticator.oauth.principalField` | JWT claim field to use
as principal identity (e.g., 'sub', 'client_id', 'appid').
| `sub`
| No | 1.0.0 |
Review Comment:
Updated
##########
docs/security/how-to-authenticate.md:
##########
@@ -111,6 +115,13 @@ GravitinoClient client = GravitinoClient.builder(uri)
| `gravitino.authenticator.oauth.signAlgorithmType` | The signature algorithm
when Gravitino uses OAuth as the authenticator.
| `RS256`
| No | 0.3.0 |
| `gravitino.authenticator.oauth.serverUri` | The URI of the default
OAuth server.
| (none)
| Yes if use `oauth` as the authenticator | 0.3.0 |
| `gravitino.authenticator.oauth.tokenPath` | The path for token of
the default OAuth server.
| (none)
| Yes if use `oauth` as the authenticator | 0.3.0 |
+| `gravitino.authenticator.oauth.provider` | OAuth provider type
(default, oidc). Determines the Web UI authentication flow. Use 'oidc' for Web
UI OIDC login, 'default' for legacy login or API-only authentication.
| `default` | No
| 1.0.0 |
+| `gravitino.authenticator.oauth.clientId` | OAuth client ID for Web
UI authentication.
| (none) | No
| 1.0.0 |
Review Comment:
Updated
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
