GitHub user adutra added a comment to the discussion: External (Custom) Authentication Configuration
You can have a look at the default impl: https://github.com/apache/polaris/blob/main/runtime/service/src/main/java/org/apache/polaris/service/auth/external/mapping/DefaultPrincipalRolesMapper.java Given your use case, I think something like below could be a starting point for your impl: ```java @ApplicationScoped @Identifier("custom") class CustomPrincipalRolesMapper implements PrincipalRolesMapper { @Override public Set<String> mapPrincipalRoles(SecurityIdentity identity) { var jwt = (JsonWebToken) identity.getPrincipal(); String subject = jwt.getSubject(); Set<String> roles = callRemoteRolesEndpoint(subject); return roles.stream() .map(r -> "POLARIS_ROLE:" + r) .collect(Collectors.toSet()); } private Set<String> callRemoteRolesEndpoint(String subject) { // TODO implement return Set.of(); } } ``` Polaris makes heavy use of runtime identifier-based bean selection – note the `@Identifier("custom")` annotation. In order to select this bean at runtime instead of the default one, add this line to your configuration: ```properties polaris.oidc.principal-roles-mapper.type=custom ``` GitHub link: https://github.com/apache/polaris/discussions/3420#discussioncomment-15484734 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected]
