bharos commented on code in PR #10437:
URL: https://github.com/apache/gravitino/pull/10437#discussion_r2943019441
##########
web-v2/web/src/lib/auth/providers/oidc.js:
##########
@@ -67,17 +67,17 @@ export class OidcOAuthProvider extends BaseOAuthProvider {
let user = await this.userManager.getUser()
if (user && !user.expired) {
- // For JWKS validation, we need the ID token (JWT format), not the
access token
- return user.id_token || user.access_token
+ // Use access token for API requests per OAuth2 spec
+ return user.access_token || user.id_token
Review Comment:
@claude can this reversal of order cause any issues with other OAuth
providers (like Azure AD), or will it work seamlessly
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
