[#3755] improvement(client-python): Support OAuth2TokenProvider for Python client

[noidname01]

What changes were proposed in this pull request?

• Add OAuth2TokenProvider and DefaultOAuth2TokenProvider in client-python
• There are some components and tests missing because it would be a big code change if they were also done in this PR, they will be added in the following PRs
  • Error Handling: [Subtask] Add OAuth Error Handler and related exceptions, test cases in client-python #4173
  • Integration Test: [Subtask] Add Integration Test of OAuth2TokenProvider of client-python #4208
• Modify test file structure, and found issue [Bug report] test_gvfs_with_local.py would fail if run after test_simple_auth_provider.py #4136, solve it by reset environment variable.

Why are the changes needed?

Fix: #3755, #4136

Does this PR introduce any user-facing change?

No

How was this patch tested?

Add UT and tested by ./gradlew clients:client-python:unittest

[jerryshao]

@xloya can you please help to review this?

[xloya]

@xloya can you please help to review this?

Sure, will take a look later.

[xloya]

It seems that do not have docs, please add some docs for the new classes which have docs in Java.

[noidname01]

Done!

[xloya]

Can we manage these uniformly as static variables?

[noidname01]

Added as static variables of HTTPClient

[xloya]

It's better to add an expired token test case, WDYT?

[noidname01]

Actually the last testcase is the test for expired token, but it does not so obvious.
https://github.com/noidname01/gravitino/blob/255cabdb882228f81de1a1907d34fba31cf5b351/clients/client-python/tests/unittests/auth/test_oauth2_token_provider.py#L65

Theold_access_token will be loaded when DefaultOAuth2TokenProvider initializing, then the old_access_token will be replaced with new_access_token by calling get_token_data()

[xloya]

I see. I think we also need to test abnormal cases, such as using an expired token to access the Server again, which should be rejected. I am not sure whether it is convenient to test the expired token to access the Server in a unit test. If it is not convenient, I think you can add a test case for authentication failure when using an expired token to access the Server in the integration tests.

[noidname01]

Yeah, it seems it's better to test in integration tests because it needs to interact with server.

[jerryshao]

@noidname01 do you need to update the code base on #4012 ?

[noidname01]

@noidname01 do you need to update the code base on #4012 ?

Yes, I think so.

[jerryshao]

@noidname01 Do you have time continue on this?

[noidname01]

@noidname01 Do you have time continue on this?

@jerryshao Sorry for the inactiveness recently, I will finish this PR tonight

[jerryshao]

Thanks a lot, appreciated. @noidname01

[noidname01]

@jerryshao I have done with rebasing and some fix, please review again.

[jerryshao]

The file name is strange that 2 doesn't equal to "to", oauth2 is a auth name.

[noidname01]

Ah yes, I know but I miss to modify this file name.

[jerryshao]

@xloya @jerqi would you please help to review this PR.

[jerqi]

Why do we need this?

[xloya]

I guess to fix this issue: #4136 .

[xloya]

@noidname01 How about set it to the origin value, rather than set it to empty string?

[noidname01]

@noidname01 How about set it to the origin value, rather than set it to empty string?

Sure, fixed!

[jerqi]

Have you tested this using a real OAuth server?

[xloya]

Overall looks good to me, I think you need create an issue to track that add some integration tests for the truly Oauth2 auth.

[noidname01]

Have you tested this using a real OAuth server?

No, I haven't. I plan to do this in another PR. I've created #4208 to track.