[jira] [Updated] (IMPALA-14186) Support JWT Token Refresh in Impyla

Wed, 25 Jun 2025 12:51:15 -0700 


     [ 
https://issues.apache.org/jira/browse/IMPALA-14186?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jason Fehr updated IMPALA-14186:
--------------------------------
    Priority: Critical  (was: Major)

> Support JWT Token Refresh in Impyla
> -----------------------------------
>
>                 Key: IMPALA-14186
>                 URL: https://issues.apache.org/jira/browse/IMPALA-14186
>             Project: IMPALA
>          Issue Type: Improvement
>            Reporter: Jason Fehr
>            Priority: Critical
>              Labels: impala, impyla, jwt
>
> JWTs are intended to be short-lived, often having lifespans of 5 minutes.  
> Currently, Impyla takes a JWT as input to start a query, but, if the query is 
> long-running, the JWT expires and results in 401 Unauthorized errors.
> Impyla needs to support JWT token refreshes while a query is running.  To 
> accomplish this:
>  # Add the ability to specify a callback function to generate a JWT.  When 
> Impyla needs to obtain a new JWT, it will call that callback function to run 
> the user provided code to obtain a new JWT.  Users can still specify a JWT if 
> they want, and Impyla must use that JWT like it does today.  If a JWT is not 
> specified, the callback function is immediately callef.  If both a JWT and a 
> callback function are provided, start by using the JWT and call the callback 
> function when that initial JWT is about to expire.  The callback function 
> will be provided the previous JWT string as input (or None if there is no 
> previous JWT) and will return a new JWT string.
>  # Impyla must jave a new configuration setting to determine when the JWT 
> should be renewed.  This setting must specify a number of seconds.  Once the 
> JWT expiration time minus the current time is less than the value of this 
> setting, the JWT is renewed.  Default this value to 60.
>  # Impyla must provide the ability to specify a callback to determine if a 
> JWT needs renewing or not.  The callback function will be provided the JWT as 
> input and will return a boolean indicating if renewing is needed.
>  # If both a JWT expiration callback and a number of seconds is specified, 
> the callback takes precedence and the expiration time setting is ignored.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to