Hi Reginald, The JWT token would normally be handled by Quarkus (or its plugins).... but it should be possible to access it in application (Polaris) code too.
Have a look at OidcTenantResolvingAugmentor [1] and related classes. We have PolarisPrincipal to represent API subjects. It might be reasonable to copy the JWT into it, following the pattern of javax.security.auth.Subject.getPrivateCredentials()... Might as well have something specific to JWT because these days other credential types are not likely to be used in practice... at least not in Polaris. [1] https://github.com/apache/polaris/blob/96f1459de5dd41dcfd5496e6a4f01810c4868526/runtime/service/src/main/java/org/apache/polaris/service/auth/external/tenant/OidcTenantResolvingAugmentor.java#L62 Cheers, Dmitri. On Fri, Nov 21, 2025 at 9:58 AM Arsenault, Reginald P. via dev < [email protected]> wrote: > UNCLASSIFIED / NON CLASSIFIÉ > > Thanks for the initial guidance Dmitri! I've gotten as far as configuring > the class to handle either use-case, but I can't for the life of me find > anything that will allow me to get a users token! Getting the > securityContext into the AwsCredentialsStorageIntegration is rather easy, > but the securityContext can't provide a token for the user. Does anyone > have any suggestions for how to actually get the requesting users token? > Here's my rough draft so far - > https://github.com/cccs-cat001/polaris/commit/7d212033145a0a3f1dd3fa7137b35ace114bfcfc > > Thanks, > R.J. >
