
Trino-Gateway Trying to indefinitely perform oauth2 authentication #892

@TessaIO

Description

Introduction

We recently integrated Trino-gateway in our infrastructure, and we currently have 2 Clusters (we can name them A and B for simplicity). Both of them support OAuth2 authentication via the same Google OAuth2 client, as recommended by the Trino-gateway security guide.
In the current setup, A is the default cluster and B gets traffic depending on specific headers.

Issue

What happens is that when we try to connect via JDBC to cluster A, it works smoothly with OAuth2. However, when we set client_tags in the JDBC connection and try to connect to cluster B via OAuth2, the OAuth2 authentication window keeps opening up indefinitely.
In the logs, trino-gateway shows that it's trying to send the request to the correct cluster, which is B.

Configuration

config.yaml: |-
  authentication:
    defaultType: oauth
    oauth:
      authorizationEndpoint: https://accounts.google.com/o/oauth2/v2/auth
      clientId: ${ENV:OAUTH_CLIENT_ID}
      clientSecret: ${ENV:OAUTH_CLIENT_SECRET}
      issuer: https://accounts.google.com
      jwkEndpoint: https://www.googleapis.com/oauth2/v3/certs
      privilegesField: email
      redirectUrl: https://URL/oidc/callback
      redirectWebUrl: https://URL/
      scopes:
      - openid
      - email
      - profile
      tokenEndpoint: https://oauth2.googleapis.com/token
      userIdField: email
  authorization:
    admin: ^(tessa)@xxxx\.xxx$
    api: ""
    user: ^(tessa)@xxxx\.xx$
  clusterStatsConfiguration:
    monitorType: INFO_API
  dataStore:
    driver: org.postgresql.Driver
    jdbcUrl: jdbc:postgresql://xxxxxxxxx:5432/prod
    password: ${ENV:PG_PASSWORD}
    queryHistoryHoursRetention: 168
    runMigrationsEnabled: true
    user: gateway
  pagePermissions:
    admin: dashboard_cluster_resource-group_selector_history
    api: null
    user: dashboard_history
  routing:
    defaultRoutingGroup: main
  routingRules:
    rulesConfigPath: /etc/routing-rules/routing_rules.yaml
    rulesEngineEnabled: true
    rulesType: FILE
  serverConfig:
    http-server.http.enabled: true
    http-server.http.port: 8080
    http-server.process-forwarded: true
    node.environment: prod

Version

We're using:

  • Trino Gateway: 16
  • Trino: 477

Let me know if you need any further information to move this forward.
Thanks!
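The symptom reported above (the authorization window reopening without end) is a redirect chain that never terminates. The following diagnostic is an added example, not part of the issue and not code from the Trino Gateway project: it follows a redirect chain with a hop budget, normalizes each URL to scheme, host and path so differing `state`/`code` query parameters cannot hide a revisit, and flags a loop when an endpoint is seen twice or the budget runs out. The server behaviour is a constructed in-memory table so it runs offline; the gateway host, the `fetch` callable signature and the two sample chains are assumptions for illustration.

```python
"""Bounded redirect follower with OAuth2 authorization-loop detection.

Added example (not from the issue or the Trino Gateway project). The
`fetch` callable stands in for an HTTP client that does NOT follow
redirects itself and returns (status_code, Location header or None).
"""
from dataclasses import dataclass, field
from typing import Callable, Optional
from urllib.parse import urlsplit

# Assumed contract: fetch(url) -> (status, location_or_None)
Fetch = Callable[[str], tuple[int, Optional[str]]]


@dataclass
class RedirectReport:
    hops: list[str] = field(default_factory=list)   # every URL visited, in order
    final_status: Optional[int] = None               # status of the last response
    loop_detected: bool = False                      # revisit or hop budget exhausted
    authz_visits: int = 0                            # times the IdP authorize endpoint was hit


def path_key(url: str) -> str:
    """scheme://host/path without query or fragment, so a fresh `state`
    or `code` on each hop does not disguise a repeated endpoint."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}{p.path}"


def follow_redirects(fetch: Fetch, start: str, authz_endpoint: str,
                     max_hops: int = 10) -> RedirectReport:
    """Follow 3xx responses from `start`, stopping at the first non-redirect,
    at the first endpoint seen twice, or after `max_hops` requests."""
    report = RedirectReport()
    seen: set[str] = set()
    authz_key = path_key(authz_endpoint)
    url = start
    for _ in range(max_hops):
        report.hops.append(url)
        key = path_key(url)
        if key == authz_key:
            report.authz_visits += 1
        if key in seen:
            report.loop_detected = True   # same endpoint again: a cycle
            break
        seen.add(key)
        status, location = fetch(url)
        report.final_status = status
        if status not in (301, 302, 303, 307, 308) or not location:
            break                          # chain terminated normally
        url = location
    else:
        report.loop_detected = True        # budget exhausted while still redirecting
    return report


# Constructed sample chains. Hostnames and paths are illustrative only.
AUTHZ = "https://accounts.google.com/o/oauth2/v2/auth"
GATEWAY_QUERY = "https://gateway.example/v1/statement"
CALLBACK = "https://gateway.example/oidc/callback"

# Failing case: the callback bounces back to the query endpoint, which
# does not recognise the session and sends the client to the IdP again.
LOOPING = {
    GATEWAY_QUERY: (302, AUTHZ + "?state=abc"),
    AUTHZ: (302, CALLBACK + "?code=xyz&state=abc"),
    CALLBACK: (302, GATEWAY_QUERY),
}

# Healthy case: the callback completes the login and returns 200.
HEALTHY = {
    GATEWAY_QUERY: (302, AUTHZ + "?state=abc"),
    AUTHZ: (302, CALLBACK + "?code=xyz&state=abc"),
    CALLBACK: (200, None),
}


def table_fetch(table: dict[str, tuple[int, Optional[str]]]) -> Fetch:
    """Build a fetch callable backed by a constructed response table."""
    def fetch(url: str) -> tuple[int, Optional[str]]:
        return table.get(path_key(url), (404, None))
    return fetch


if __name__ == "__main__":
    for name, table in (("looping", LOOPING), ("healthy", HEALTHY)):
        r = follow_redirects(table_fetch(table), GATEWAY_QUERY, AUTHZ)
        print(name, "loop" if r.loop_detected else "ok",
              f"hops={len(r.hops)} authz_visits={r.authz_visits} status={r.final_status}")
```

Against a real deployment, `fetch` would be an HTTP call with automatic redirects disabled and the query endpoint's own headers (including the routing headers that select cluster B) attached to every hop; comparing the two reports for cluster A and cluster B isolates whether the loop starts at the gateway, at the identity provider, or at the callback.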
