Small polish

Author: zvonand

src/Access/Authentication.cpp

@@ -298,6 +298,9 @@ bool Authentication::areCredentialsValid(
     const ClientInfo & client_info,
     SettingsChanges & settings)
 {
+    /// It is OK for TokenCredentials to be not ready:
+    /// When auth request happens, we do not even know the username.
+    /// Token is resolved a bit later and the user information will be put in credentials
     if (!typeid_cast<const TokenCredentials *>(&credentials) && !credentials.isReady())
         return false;
 

src/Access/Common/JWKSProvider.cpp

@@ -21,7 +21,8 @@ jwt::jwks<jwt::traits::kazuho_picojson> JWKSClient::getJWKS()
     auto now = std::chrono::high_resolution_clock::now();
     auto diff = std::chrono::duration<double>(now - last_request_send).count();
 
-    if (diff < refresh_timeout) {
+    if (diff < refresh_timeout)
+    {
         jwt::jwks <jwt::traits::kazuho_picojson> result(cached_jwks);
         return result;
     }
@@ -31,14 +32,18 @@ jwt::jwks<jwt::traits::kazuho_picojson> JWKSClient::getJWKS()
 
     Poco::Net::HTTPRequest request{Poco::Net::HTTPRequest::HTTP_GET, jwks_uri.getPathAndQuery()};
 
-    if (jwks_uri.getScheme() == "https") {
+    if (jwks_uri.getScheme() == "https")
+    {
         Poco::Net::HTTPSClientSession session = Poco::Net::HTTPSClientSession(jwks_uri.getHost(), jwks_uri.getPort());
         session.sendRequest(request);
         std::istream & responseStream = session.receiveResponse(response);
         if (response.getStatus() != Poco::Net::HTTPResponse::HTTP_OK || !responseStream)
-            throw Exception(ErrorCodes::AUTHENTICATION_FAILED, "Failed to get user info by access token, code: {}, reason: {}", response.getStatus(), response.getReason());
+            throw Exception(ErrorCodes::AUTHENTICATION_FAILED, "Failed to get user info by access token, code: {}, reason: {}",
+                response.getStatus(), response.getReason());
         Poco::StreamCopier::copyStream(responseStream, responseString);
-    } else {
+    }
+    else
+    {
         Poco::Net::HTTPClientSession session = Poco::Net::HTTPClientSession(jwks_uri.getHost(), jwks_uri.getPort());
         session.sendRequest(request);
         std::istream & responseStream = session.receiveResponse(response);
@@ -51,10 +56,12 @@ jwt::jwks<jwt::traits::kazuho_picojson> JWKSClient::getJWKS()
 
     jwt::jwks<jwt::traits::kazuho_picojson> parsed_jwks;
 
-    try {
+    try
+    {
         parsed_jwks = jwt::parse_jwks(responseString.str());
     }
-    catch (const Exception & e) {
+    catch (const Exception & e)
+    {
         throw Exception(ErrorCodes::AUTHENTICATION_FAILED, "Failed to parse JWKS: {}", e.what());
     }
 
@@ -78,7 +85,8 @@ StaticJWKSParams::StaticJWKSParams(const std::string &static_jwks_, const std::s
 StaticJWKS::StaticJWKS(const StaticJWKSParams &params)
 {
     String content = String(params.static_jwks);
-    if (!params.static_jwks_file.empty()) {
+    if (!params.static_jwks_file.empty())
+    {
         std::ifstream ifs(params.static_jwks_file);
         content = String((std::istreambuf_iterator<char>(ifs)), (std::istreambuf_iterator<char>()));
     }

src/Access/Common/JWKSProvider.h

@@ -12,6 +12,10 @@
 namespace DB
 {
 
+/// JWKS (JSON Web Key Set) is a kind of a set of public keys that are used to validate JWT authenticity locally.
+/// They are usually exposed by identity providers (e.g. Keycloak) via a well-known URI (usually /.well-known/jwks.json)
+/// This interface is responsible for managing JWKS. Retrieving, caching and refreshing of JWKS happens here.
+/// JWKS can either be static (e.g. provided in config) or dynamic (fetched from a remote URI and).
 class IJWKSProvider
 {
 public: