Following up on my earlier email, I was able to trace the issue and am now trying to understand the reasoning behind the current implementation.
When a PolarisPrincipal (org.apache.polaris.core.auth.PolarisPrincipal) is created from a PrincipalEntity (org.apache.polaris.core.entity.PrincipalEntity), it appears to copy only the internal properties using getInternalPropertiesAsMap(). This preserves attributes such as clientId, but drops user-defined attributes. Based on this behavior, it seems that using principalEntity.getPropertiesAsMap() instead of principalEntity.getInternalPropertiesAsMap() would retain both internal and user-defined attributes. Is there a specific reason why user-defined attributes are intentionally excluded when creating a PolarisPrincipal object? Regards, Selva- > On Apr 23, 2026, at 1:34 PM, Selvamohan Neethiraj <[email protected]> wrote: > > Hi, > > I am using the REST API /api/management/v1/principals to create a new > principal with user attributes (for example: region=northamerica). The API > call completes successfully, and the response correctly includes the > specified user attributes. > > However, when I use the returned client-id and client-secret to obtain an > OAuth token from /api/catalog/v1/oauth/tokens, and then use that token to > perform other API operations (such as listing catalogs via > /api/management/v1/catalogs), the server-side Polaris principal does not > appear to include the user attributes. > > Specifically, the user attributes defined during principal creation do not > seem to be available during subsequent API calls authenticated using the > generated OAuth token. > > Could you please confirm: > > 1. Whether this is the expected behavior, or > 2. If there is an additional step required to propagate or include principal > attributes when generating or using OAuth tokens, or > 3. If this might be a bug. > > Thanks in advance for your guidance. > > Best regards, > Selva
