Skip to content

Add bearer token authorization check #1912

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rampage644 merged 2 commits into from
Nov 8, 2025
Merged

Add bearer token authorization check #1912

rampage644 merged 2 commits into from
Nov 8, 2025

Conversation

@JanKaul
Copy link
Contributor

@JanKaul JanKaul commented Nov 6, 2025

Summary

Add bearer token authorization for the Iceberg REST API endpoint. When configured, incoming requests are validated against the bearer token. Requests without proper authorization return 401 Unauthorized. If no token is configured, all requests are allowed through.

Changes

  • Add axum-auth dependency for middleware support
  • Implement require_auth middleware to validate Bearer tokens
  • Add bearer_token field to the Iceberg REST API state
  • Add iceberg_rest_bearer_token CLI option (supports ICEBERG_REST_BEARER_TOKEN env var)
  • Integrate auth middleware into the Iceberg REST router

@github-actions
Copy link
Contributor

github-actions bot commented Nov 6, 2025

SLT Targeted Testing: No relevant SLT tests found for the changes in this PR. No testing required.

@JanKaul JanKaul force-pushed the jankaul/bearer-token-auth branch from c323d3d to c957d02 Compare November 7, 2025 10:48
@github-actions
Copy link
Contributor

github-actions bot commented Nov 7, 2025

SLT Targeted Testing: No relevant SLT tests found for the changes in this PR. No testing required.

@github-actions
Copy link
Contributor

github-actions bot commented Nov 7, 2025

SLT Targeted Testing: No relevant SLT tests found for the changes in this PR. No testing required.

@JanKaul JanKaul marked this pull request as ready for review November 7, 2025 15:19
DanCodedThis
DanCodedThis approved these changes Nov 7, 2025
View reviewed changes
Copy link
Contributor

@DanCodedThis DanCodedThis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@JanKaul How do you authorize? Or do you just send the token with each request manually, no log in? Otherwise, LGTM

@rampage644 rampage644 merged commit d104f8c into main Nov 8, 2025
7 checks passed
@rampage644 rampage644 deleted the jankaul/bearer-token-auth branch November 8, 2025 16:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DanCodedThis DanCodedThis DanCodedThis approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@JanKaul @DanCodedThis @rampage644