Feature Request: Allow ADLSFileIO to Accept Arbitrary Access Tokens for Authentication #13818
Description
Feature Request / Improvement
Description
Currently, ADLSFileIO in the Azure module only supports authentication via built-in Azure credential mechanisms such as DefaultAzureCredential, StorageSharedKeyCredential, or SAS tokens. This makes it difficult to integrate with external authentication flows that produce an arbitrary access token (e.g., OAuth 2.0 Bearer tokens from non-Azure identity providers, custom SSO integrations, or already-acquired Azure AD tokens from another process).
It would be valuable if ADLSFileIO could accept a pre-acquired token string directly, without requiring the developer to wrap it in a full TokenCredential or use environment-based auth.
Proposed Solution
Add a new config adls.token to AzureProperties
Use it to set DataLakeFileSystemClientBuilder credential(TokenCredential credential)
https://learn.microsoft.com/en-us/java/api/com.azure.storage.file.datalake.datalakefilesystemclientbuilder?view=azure-java-stable#com-azure-storage-file-datalake-datalakefilesystemclientbuilder-credential(com-azure-core-credential-tokencredential)
Query engine
None
Willingness to contribute
- I can contribute this improvement/feature independently
- I would be willing to contribute this improvement/feature with guidance from the Iceberg community
- I cannot contribute this improvement/feature at this time