S3 Remote Signing no token Refresh

[c-thiel]

Apache Iceberg version

PyIceberg 0.9.1

Please describe the bug 🐞

When using remote-signing with PyIceberg I receive a 401 Authorized error as soon as the initial token expires. Subsequent calls to other endpoints of the Catalog, such as listing namespaces, work even with the same sessions. So I believe while the token is refreshed successfully for the Catalog, this new token is not used for signing requests.
Especially Keycloak per default hands out tokens with 1min lifetime, which makes this very notable if a single table load takes longer than this.

I was hoping that someone deeper in the Codebase might have already have a good solution in mind? Otherwise I will try to find some time to dig into this.

Willingness to contribute

• I can contribute a fix for this bug independently
• I would be willing to contribute a fix for this bug with guidance from the Iceberg community
• I cannot contribute a fix for this bug at this time

[Fokko]

@c-thiel I think this is still an open question, related to #2544. Which version of PyIceberg are you using?