Skip to content

feat: add jwt auth (#524) #855

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat: add jwt auth (#524) #855

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9dbfafd
added jwt auth
emmc15 Jul 18, 2025
65abbfc
updated pacakge version
emmc15 Jul 25, 2025
d48bc21
reverted back package version
emmc15 Aug 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 12 additions & 2 deletions src/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,12 @@ export class BasicAuth implements Auth {
constructor(readonly username: string, readonly password?: string) {}
}

export class JwtAuth implements Auth {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not a correct implementation. It should be closer to the implementation like the one in the python client: https://github.com/trinodb/trino-python-client/blob/df08367b54d7d27c1cd826ca3fa34ca0173f4c63/trino/auth.py#L295

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank @wendigo for reviewing.

I wasn’t looking to make implement redirect or OAuth but rather the JWT one above from python like here however

readonly type: AuthType = 'bearer';
constructor(readonly jwt: string) {}
}


export type Session = {[key: string]: string};

export type ExtraCredential = {[key: string]: string};
Expand Down Expand Up @@ -170,9 +176,9 @@ const cleanHeaders = (headers: RawAxiosRequestHeaders) => {
};

/* It's a wrapper around the Axios library that adds some Trino specific headers to the requests */
class Client {
export class Client {
private constructor(
private readonly clientConfig: AxiosRequestConfig,
readonly clientConfig: AxiosRequestConfig,
private readonly options: ConnectionOptions
) {}

Expand Down Expand Up @@ -205,6 +211,10 @@ class Client {

headers[TRINO_USER_HEADER] = basic.username;
}
else if (options.auth && options.auth.type === 'bearer') {
const jwt: JwtAuth = <JwtAuth>options.auth;
headers.Authorization = `Bearer ${jwt.jwt}`;
}

clientConfig.headers = cleanHeaders(headers);

Expand Down
21 changes: 20 additions & 1 deletion tests/it/client.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
import {BasicAuth, QueryData, Trino} from '../../src';
import {BasicAuth, JwtAuth, QueryData, Trino, Client} from '../../src';

const allCustomerQuery = 'select * from customer';
const limit = 1;
Expand Down Expand Up @@ -175,4 +175,23 @@ describe('trino', () => {
]);
expect(sales).toHaveLength(limit);
});

test.concurrent('Check JWT authentication', async () => {
const trino = Trino.create({
catalog: 'tpcds',
schema: 'sf100000',
auth: new JwtAuth('test-jwt-token'),
});
const query = await trino.query("select 1");
});

test.concurrent('Check Client has correct auth for JWT', async () => {
const client = Client.create({
catalog: 'tpcds',
schema: 'sf100000',
auth: new JwtAuth('test-jwt-token'),
});
const actualAuth = client.clientConfig.headers?.Authorization
expect(actualAuth).toBe('Bearer test-jwt-token');
});
});