Add JWT token authentication

[amotl]

CrateDB 5.7.0 introduced JWT token authentication. Let's also implement it on the client sides.

• Support service principal / JWT Token authentication crate#14238

/cc @matriv, @kneth

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

JWT token authentication support was added to the CrateDB Python client. This includes updates to the connection and HTTP client classes to accept and pass JWT tokens, documentation and changelog updates, and new tests to verify JWT authentication behavior. Existing authentication mechanisms remain unchanged.

Changes

File(s)	Change Summary
CHANGES.rst	Updated changelog to mention the new JWT token authentication feature.
docs/connect.rst	Added documentation and example for JWT token authentication in the connection setup.
src/crate/client/connection.py	Extended Connection.__init__ to accept and document a jwt_token parameter.
src/crate/client/http.py	Added jwt_token parameter to Client and Server for JWT authentication; sets Authorization header.
tests/client/test_http.py	Enhanced test handler for "Bearer" JWT tokens; added/updated tests for JWT token authentication.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Connection
    participant Client
    participant Server

    User->>Connection: connect(jwt_token=...)
    Connection->>Client: __init__(jwt_token=...)
    Client->>Server: request(..., jwt_token=...)
    Server->>Server: Add Authorization: Bearer <jwt_token> header (if not set)
    Server-->>Client: Response
    Client-->>Connection: Response
    Connection-->>User: Connection established

Loading

Poem

In fields of code, a token hops—
JWT in paw, it never stops.
Now clients greet with bearer flair,
Securely bounding here and there.
The docs are plump, the tests are keen,
This rabbit’s code is fresh and clean!
🐇✨

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch jwt

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[seut]

👍
Maybe adding a sanity check to give a good error if token and user/password auth is used in conjunction would be useful. Afaik, the user/password args would be used then instead (it will just override the Authorization header afaik) which may not be clear to a user.

[kneth]

Thank you for providing support for JWT!

[surister]

@amotl Hi, do you have time to wrap this up with Sebastian's suggestion or do you mind If I take over?

[amotl]

Hi @surister. Feel free to take over any time. Thank you. 🙏

[amotl]

Hi. I just rebased the patch to make your job a bit easier. Thank you again.