Package org.apache.hadoop.fs.azurebfs.oauth2

Interface ClientAssertionProvider

@Public
@Evolving
public interface ClientAssertionProvider

Interface for providing client assertions for Azure Workload Identity authentication. This interface allows custom implementations to provide JWT tokens through various mechanisms: - Kubernetes Token Request API - HashiCorp Vault - Custom token services - File-based tokens with custom logic Implementations should be thread-safe as they may be called concurrently.

Method Summary

Modifier and Type	Method	Description
default void	close()	Optional: Cleanup resources when the provider is no longer needed.
String	getClientAssertion()	Retrieves a client assertion (JWT token) for Azure Workload Identity authentication.
void	initialize(Configuration configuration, String accountName)	Initializes the provider with the given configuration.

Method Details

initialize

void initialize(Configuration configuration,
 String accountName)
         throws IOException

Initializes the provider with the given configuration. This method is called once after the provider is instantiated via reflection.

Parameters:

configuration - Hadoop configuration containing provider-specific settings

accountName - Azure storage account name for account-specific configuration

Throws:

IOException - if initialization fails

getClientAssertion

String getClientAssertion()
                   throws IOException

Retrieves a client assertion (JWT token) for Azure Workload Identity authentication. The returned string should be a valid JWT token that can be used as a client assertion in OAuth 2.0 client credentials flow with JWT bearer assertion.

Returns:

JWT token as a string

Throws:

IOException - if token retrieval fails

close

default void close()
            throws IOException

Optional: Cleanup resources when the provider is no longer needed. Default implementation does nothing.

Throws:

IOException - if cleanup fails