SaschaJohn opened a new pull request, #202:
URL: https://github.com/apache/polaris-tools/pull/202
Adds VITE_OIDC_PRINCIPAL_CLAIMS env variable (comma-separated list) to
control which JWT claims are used to resolve the Polaris principal name and in
what priority order.
Default behaviour is unchanged: sub,principal,principal_name,name.
Identity providers like Entra ID / Azure AD issue an opaque pairwise sub
claim that does not match human-readable principal names.
The problem here is that Entra ID always has a sub set and
utils.js always tries it as first precedence:
    // Try common JWT claim names for the principal/subject
    return (
      (decoded.sub as string) ||
      (decoded.principal as string) ||
      (decoded.principal_name as string) ||
      (decoded.name as string) ||
      null
    );
Operators can now set:
    VITE_OIDC_PRINCIPAL_CLAIMS=preferred_username,email,sub,name
to prefer the UPN/email instead, without code changes.
--
This is an automated message from the Apache Git Service.
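An added example, not the code from this pull request, of resolving the principal from a configurable, ordered claim list with the default order given above. The function names are hypothetical and the configuration string is passed in as a parameter instead of being read from the Vite environment; the sample token payload is constructed.

```typescript
// Added example: parseClaimOrder / resolvePrincipal are hypothetical names,
// not taken from the polaris-tools code base.

// Default order stated in the PR description.
const DEFAULT_CLAIMS: string[] = ["sub", "principal", "principal_name", "name"];

// Turn the raw VITE_OIDC_PRINCIPAL_CLAIMS value into an ordered claim list.
// Whitespace is trimmed, empty entries and duplicates are dropped, and an
// unset or empty value falls back to the default order.
function parseClaimOrder(raw: string | undefined): string[] {
  const seen = new Set<string>();
  const order: string[] = [];
  for (const part of (raw ?? "").split(",")) {
    const name = part.trim();
    if (name !== "" && !seen.has(name)) {
      seen.add(name);
      order.push(name);
    }
  }
  return order.length > 0 ? order : DEFAULT_CLAIMS.slice();
}

// Return the first claim in `order` that holds a non-empty string.
// `as string` is a compile-time cast only, so the type is checked at runtime:
// a numeric or array-valued claim is skipped instead of being returned.
function resolvePrincipal(
  claims: Record<string, unknown>,
  order: string[],
): string | null {
  for (const name of order) {
    // Own-property check so inherited names such as "constructor" never match.
    if (!Object.prototype.hasOwnProperty.call(claims, name)) continue;
    const value = claims[name];
    if (typeof value === "string" && value.trim() !== "") return value;
  }
  return null;
}

// Constructed sample payload shaped like a token with an opaque sub claim.
const entraClaims: Record<string, unknown> = {
  sub: "AAAAAAAAconstructed-pairwise-subject",
  preferred_username: "alice@example.com",
  name: "Alice Example",
  email: "",
};
```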