From cb0a6f9d3201b877bb1095a3a960ab0050d93d38 Mon Sep 17 00:00:00 2001
From: Frederic Khayat <khayatfrederic@gmail.com>
Date: Mon, 11 Aug 2025 09:43:40 +0200
Subject: [PATCH] Add PyIceberg example

---
 .../getting-started/using-polaris.md          | 45 +++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/site/content/in-dev/unreleased/getting-started/using-polaris.md b/site/content/in-dev/unreleased/getting-started/using-polaris.md
index 39a53ff970..857b086e3c 100644
--- a/site/content/in-dev/unreleased/getting-started/using-polaris.md
+++ b/site/content/in-dev/unreleased/getting-started/using-polaris.md
@@ -285,6 +285,51 @@ SELECT * FROM iceberg.quickstart_schema.quickstart_table;
 org.apache.iceberg.exceptions.ForbiddenException: Forbidden: Principal 'quickstart_user' with activated PrincipalRoles '[]' and activated grants via '[quickstart_catalog_role, quickstart_user_role]' is not authorized for op LOAD_TABLE_WITH_READ_DELEGATION
 ```
 
+### Connecting with PyIceberg
+
+#### Using Credentials
+
+```python
+from pyiceberg.catalog import load_catalog
+
+catalog = load_catalog(
+    type='rest',
+    uri='http://localhost:8181/api/catalog',
+    warehouse='quickstart_catalog',
+    scope="PRINCIPAL_ROLE:ALL",
+    credential=f"{CLIENT_ID}:{CLIENT_SECRET}",
+)
+```
+
+If the `load_catalog` function is used with credentials, then PyIceberg will automatically request an authorization token from the `v1/oauth/tokens` endpoint, and will later use this token to prove its identity to the Polaris Catalog.
+
+#### Using a Token
+
+```python
+from pyiceberg.catalog import load_catalog
+import requests
+
+# Step 1: Get OAuth token
+response = requests.post(
+    "http://localhost:8181/api/catalog/v1/oauth/tokens",
+    auth =(CLIENT_ID, CLIENT_SECRET),
+    data = {
+        "grant_type": "client_credentials",
+        "scope": "PRINCIPAL_ROLE:ALL"
+    })
+token = response.json()["access_token"]
+
+# Step 2: Load the catalog using the token
+catalog = load_catalog(
+    type='rest',
+    uri='http://localhost:8181/api/catalog',
+    warehouse='quickstart_catalog',
+    token=token,
+)
+```
+
+It is possible to use `load_catalog` function by providing an authorization token directly. This method is useful when using an external identity provider (e.g. Google Identity).
+
 ### Connecting Using REST APIs
 
 To access Polaris from the host machine, first request an access token: