OpenAPI: Use more clear language in recommending error responses

[sungwy]

The existence of the 419 AuthenticationTimeoutResponse status code caused confusion in the Iceberg community on the following two questions:

• whether the error response should be issued by a REST catalog on token expiry over 401 UnauthorizedResponse
• and how the client should respond on 419 response (vs a 401 response)

The updated description follows the RFC language of using SHOULD and MAY to be make these more clear for the REST catalog as well as the client responding to the status response.

[dimas-b]

Thanks for the spec clarification, @sungwy ! The changes LGTM 👍

[sungwy]

Thanks for the spec clarification, @sungwy ! The changes LGTM 👍

All thanks to you for the helpful reviews @dimas-b 💯

[flyrain]

I like the new descriptions for both status codes. With the new changes, it seems we actually deprecated it without saying it explicitly. Should we just deprecate it then? cc @danielcweeks @rdblue

[sungwy]

Thank @flyrain !

Yeah I was actually debating on the last line, but decided to keep it to facilitate this discussion. I believe a deprecation would result in us removing the status code in a subsequent release, after which the status code handling could also be removed from the Iceberg REST client representations which I think may cause confusion as 419 responses from Iceberg REST Catalog servers that are running on older versions of the spec won't be handled as expected. Hence, I'm hesitant to suggest deprecating the status code.

I still think it's still fair to express a preference as we did here, so as to not confuse the REST Catalog server implementer on which status code to choose to use on token expiry.

[dimas-b]

From my POV the "401 should be preferred" language is already effectively deprecating 419.

However, from the spec evolution perspective, I do not think it would be valid to remove 419 from the v1 REST spec.

All in all, I think the "should" language adds enough clarity for both clients and servers.

[flyrain]

may cause confusion as 419 responses from Iceberg REST Catalog servers that are running on older versions of the spec won't be handled as expected.

Can you elaborate it? I think the clients are OK to treat a 419 as a 401, or just a normal failure in that case. To retry or not is the client side decision. I believe either behavior(client retry or not retry) is acceptable. My only concern to deprecate it is the SigV4 use case @danielcweeks and @rdblue mentioned, if SigV4 clients must depend on 419, we need to keep it. But I don't have much context, will appreciate any inputs.

[sungwy]

To retry or not is the client side decision

Yes I agree with you @flyrain . Although I think it'll be confusing for application developers if for example, PyIceberg removed retry handling for 419 status on the next version after the 419 status code is deprecated on the REST Catalog. The application developer would expect 419 status codes from their REST Catalog server to result in retries, and on version upgrade they their PyIceberg application no longer will. Hence, as a community, we may need to keep 419 status code handling for backward compatibility.

[flyrain]

The application developer would expect 419 status codes from their REST Catalog server to result in retries

yeah, that's an edge case, in which a server happened to return 419, plus an application happened to rely on 419 for retrying. As we all agreed that 419-based retry is not reliable and not recommended, application shouldn't do that afterward. These are very subtle things though. I'm fine with not deprecate it, but I still prefer to give users more clear message, that 419 shouldn't be used. Deprecating it makes it more clear.

[flyrain]

Brought this up in last community catalog meeting. The general agreement was to deprecate 419. Meeting link: https://www.youtube.com/watch?v=vbV2XxOTyT4.

[mrcnc]

If an access token is malformed, wouldn't a 400 / BadRequestErrorResponse be a more appropriate response? I'm wondering if we should drop the malformed here?

[sungwy]

Hi @mrcnc thank you for the review!

IHMO I think if the access token is malformed, I'd still consider 401 to be the appropriate respones type vs 400 which I think would be more appropriate when the format of the Request itself is malformed.

I took this verbiage directly from https://www.rfc-editor.org/rfc/rfc6750 under the invalid_token section:

invalid_token
         The access token provided is expired, revoked, malformed, or
         invalid for other reasons.  The resource SHOULD respond with
         the HTTP 401 (Unauthorized) status code.  The client MAY
         request a new access token and retry the protected resource
         request.

[github-actions]

This pull request has been marked as stale due to 30 days of inactivity. It will be closed in 1 week if no further activity occurs. If you think that’s incorrect or this pull request requires a review, please simply write any comment. If closed, you can revive the PR at any time and @mention a reviewer or discuss it on the dev@iceberg.apache.org list. Thank you for your contributions.

[flyrain]

Hi @sungwy, are you still working on it?

[sungwy]

Hi @sungwy, are you still working on it?

Hi @flyrain I'm still waiting on an approval to merge this in.

Is the direction that we want to make it more clear that we are deprecating 419 status code? If so, I can send out an email on the dev list to vote on the deprecation and proceed from there.

[flyrain]

Hi @sungwy, thanks for the reply. I'm OK with moving forward with this PR. We could deprecate it in a followup one.

[dimas-b]

@flyrain : feel free to merge (from my POV)

[sungwy]

Merging it in :)

[sungwy]

Thanks for the review @flyrain and @dimas-b ! 😁