https://polaris.apache.org/releases/1.4.1/managing-security/external-idp/Recent content in Identity Providers on Apache PolarisHugoen-us<a href="https://www.apache.org/">Copyright © 2026 The Apache Software Foundation</a>.<br>Licensed under the <a href="https://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.https://polaris.apache.org/releases/1.4.1/managing-security/external-idp/idp-dev-notes/Mon, 01 Jan 0001 00:00:00 +0000https://polaris.apache.org/releases/1.4.1/managing-security/external-idp/idp-dev-notes/<h2 id="developer-architecture-notes" id="developer-architecture-notes">Developer Architecture Notes<a class="heading-anchor" href="#developer-architecture-notes" aria-label="Anchor">🔗</a> </h2> <h3 id="authentication-architecture" id="authentication-architecture">Authentication Architecture<a class="heading-anchor" href="#authentication-architecture" aria-label="Anchor">🔗</a> </h3> <p>Polaris separates authentication into two logical phases using <a href="https://quarkus.io/guides/security-overview">Quarkus Security</a>:</p> <ol> <li>Credential extraction – parsing headers and tokens</li> <li>Credential authentication – validating identity and assigning roles</li> </ol> <h3 id="key-interfaces" id="key-interfaces">Key Interfaces<a class="heading-anchor" href="#key-interfaces" aria-label="Anchor">🔗</a> </h3> <ul> <li> <p><a href="https://github.com/apache/polaris/blob/main/runtime/service/src/main/java/org/apache/polaris/service/auth/Authenticator.java"><code>Authenticator</code></a>: A core interface used to authenticate credentials and resolve principal and principal roles. Roles may be derived from OIDC claims or internal mappings.</p> </li> <li> <p><a href="https://github.com/apache/polaris/blob/main/runtime/service/src/main/java/org/apache/polaris/service/auth/InternalPolarisToken.java"><code>InternalPolarisToken</code></a>: Used in internal auth and inherits from <code>PrincipalCredential</code>.</p>