yapnel commented on issue #2373:
URL: https://github.com/apache/polaris/issues/2373#issuecomment-3941636871
These are my settings and they worked for me. Give it a try.
# --- Authentication Configuration (OIDC) ---
# 0. Enable OIDC in Polaris
quarkus.oidc.tenant-enabled: true
# 1. Enable External Auth
POLARIS_AUTHENTICATION_TYPE: mixed
# 2. Auth0 Connection Details
# MUST end with a trailing slash if Auth0 'iss' claim has one
QUARKUS_OIDC_AUTH_SERVER_URL: https://x.com/
# MUST match the 'aud' claim in your token
QUARKUS_OIDC_CLIENT_ID: https://x.com
QUARKUS_OIDC_APPLICATION_TYPE: service
# --- Principal Mapping (Who is the user?) ---
POLARIS_OIDC_PRINCIPAL_MAPPER_TYPE: default
# CRITICAL FIX 1: Map by Name, not ID.
# The token contains "principal_name": "root". Polaris will look up user "root".
# We REMOVED 'id-claim-path' to prevent the NumberFormatException crash.
POLARIS_OIDC_PRINCIPAL_MAPPER_NAME_CLAIM_PATH: principal_name
# --- Role Mapping (What can they do?) ---
#POLARIS_OIDC_PRINCIPAL_ROLES_MAPPER_TYPE: default
# CRITICAL FIX 2: Point to the custom claim in your Auth0 Action
#QUARKUS_OIDC_ROLES_ROLE_CLAIM_PATH: polarisRoles
# CRITICAL FIX 3: Keep role names as-is (e.g., "service_admin")
# Do not add "PRINCIPAL_ROLE:" prefix
#POLARIS_OIDC_PRINCIPAL_ROLES_MAPPER_MAPPINGS_0__REGEX: (.*)
#POLARIS_OIDC_PRINCIPAL_ROLES_MAPPER_MAPPINGS_0__REPLACEMENT: $1
# --- Debugging ---
# Keep this enabled until everything is stable
QUARKUS_LOG_CATEGORY_"IO_QUARKUS_OIDC"_LEVEL: DEBUG
QUARKUS_LOG_CATEGORY_"IO_QUARKUS_SMALLRYE_JWT"_LEVEL: DEBUG
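
Added example (not part of the comment above, and not Polaris or Quarkus code): a small preflight check that decodes an access token's claims and compares them with the three conditions the comments in these settings state, namely the exact 'iss' including its trailing slash, the 'aud' match, and the presence of 'principal_name'. The function names and the sample token are constructed for illustration; the URLs are the placeholders from the settings.

```python
import base64
import json

def decode_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def preflight(claims, auth_server_url, client_id, name_claim="principal_name"):
    """Return a list of mismatches between the token claims and the settings."""
    problems = []
    iss = claims.get("iss")
    if iss != auth_server_url:
        if isinstance(iss, str) and iss.rstrip("/") == auth_server_url.rstrip("/"):
            problems.append(f"iss {iss!r} and QUARKUS_OIDC_AUTH_SERVER_URL "
                            f"{auth_server_url!r} differ only by the trailing slash")
        else:
            problems.append(f"iss {iss!r} does not match {auth_server_url!r}")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # 'aud' is a string or a list
    if client_id not in audiences:
        problems.append(f"aud {aud!r} does not contain QUARKUS_OIDC_CLIENT_ID {client_id!r}")
    name = claims.get(name_claim)
    if not isinstance(name, str) or not name:
        problems.append(f"claim {name_claim!r} is missing or not a non-empty string")
    return problems

def make_unsigned_token(claims):
    """Constructed sample input: header.payload plus a dummy signature part."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.dummy-signature"

if __name__ == "__main__":
    # Constructed token whose 'iss' lacks the trailing slash used in the settings.
    token = make_unsigned_token(
        {"iss": "https://x.com", "aud": "https://x.com", "principal_name": "root"})
    for problem in preflight(decode_claims(token), "https://x.com/", "https://x.com"):
        print("MISMATCH:", problem)
```

Run it against a token copied from the DEBUG log output while the debugging categories above are still enabled; an empty result means the three conditions hold for that token.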