that's using the typesafe request context. just replace the Principal/Credentials logic with your own. We should probably put that logic into somewhere shared in the lib or on the site... 🙂