Make the OAuth2 request scope configurable

[flyrain]

Feature Request / Improvement

OAuth2 Scope is a mechanism to limit an application's access to a user's account. It can also be used to ask for more information like openId user profile(id, name, email, etc). The user profile is useful for ACL checking in the server side. Currently PyIceberg hard-codes it to catalog, which cannot support the use case above. I'd suggest to make it configurable. WDYT? cc @Fokko @danielcweeks @syun64 @RussellSpitzer

Here is an http request example for better understanding.

curl --request POST \
  --url https://xxx.com/oauth2/token \
  --header 'Authorization: Basic xxx' \
  --header 'content-type: multipart/form-data' \
  --form grant_type=client_credentials \
  --form 'scope=openid offline corpds:ds:profile' \

Then the token in response will have the user profile like this:

corpds:ds:dsid=2321321, corpds:ds:[email protected], corpds:ds:employeeType=D, corpds:ds:firstName=Bot1

[sungwy]

Hi @flyrain thanks for raising this. I just took a look into the Java code, and the scope already seems to be configurable there.

Would you like to put up a PR here to make it similarly configurable?

Related PR: apache/iceberg#6616

[flyrain]

Thanks for conform, @syun64 . Glad it was taken care in Java.

[Fokko]

#484 went in, closing this one 👍