Trino Client prompting for authentication at every Cursor created when using OAuth2Authentication

[IceS2]

Hello! I'm using the client to query Starburst.

I've been trying to understand how the Cache works for OAuth2Authentication since it's prompting for authentication at every cursor created.
I imagine it'd make sense to prompt for it at each connection created but not at every cursor, if not closing the previous opened connection.

I've got that error with the following code:

import trino

conn = trino.dbapi.connect(
            host=<HOST>,
            port=443,
            user=<USER>,
            http_scheme='https',
            auth=trino.auth.OAuth2Authentication()
        )

cur = conn.cursor()
cur.execute('SHOW CATALOGS')

cur = conn.cursor()
cur.execute('SHOW SCHEMAS IN hive')

If I reuse the same cursor this behavior doesn't happen and I don't need to authenticate multiple times.

[mdesmet]

My suspicion is that you use a remote Jupyter server on a headless server. This would mean that there is no webbrowser to launch and you only see the console output.

To make this work on the notebook server, the url should be captured and launched in your clientside webbrowser session. Also the cache should be made persistent over requests to the Jupyter server (through a custom cache hook as in #223).

A potential workaround is to use a long lived token and use JWT authentication.

[IceS2]

I'm not sure I understand the first part of your answer. The URL is launched on the webbrowser (I actually get a new tab with the authentication taking place). Isn't that right or am I missing something?

For the cache part I thought InMemory default one would work, but I'll check the custom cache solution!

[mdesmet]

I'm not sure I understand the first part of your answer. The URL is launched on the webbrowser (I actually get a new tab with the authentication taking place). Isn't that right or am I missing something?

Good to hear that the webbrowser works, I assume you run the notebook server locally then. It would not work if it's on a remote server that doesn't have a webbrowser.

For the cache part I thought InMemory default one would work, but I'll check the custom cache solution!

You might be right about this as the Python kernel in Jupyter must be kept alive including the inMemory cache. I will give it a try myself over the weekend.

[IceS2]

You're absolutely right!
I finally deployed a Notebook Service on EKS and it's stuck due to the webbrowser. I'll deal with that and then try to investigate the inMemory cache as well.

I assume that I should be able to reuse the connection without having to authenticate multiple times, right?

Thanks (=

[IceS2]

Curiously enough I couldn't find what the issue behind it was. Eventually at the production environment (Jupyterhub on EKS) everything worked as expected, being able to reuse the connection and create new cursors without any needs to keep authenticating at every new cursor.

Unless you'd like to debug more to understand why my original setup was having this issue we can close the issue (=

[hashhar]

We now have a built-in token cache which should reuse OAuth tokens as long as you connect using same user and to same Trino URI.