This diff adds an abstract DagsterAuthManager class and custom Dagster Instance FlaskDagsterInstance that users can implement for run attribution. The string returned from get_identity is attached to all runs created through the GraphQL layer as a tag.
Actually duh that is in the daemon process rather than dagit.
I would consider a more generic mechanism, such as pluggable tag provider or a way to customize the run creation process. That way this could be used for other purposes as well.
I think I agree that another layer of indirection would be nice here, with e.g. get_additional_tags_for_run(pipeline_run) on the custom instance, and then the implementation of that calling the auth manager. i also think it makes sense to call this auth manager something like FlaskAuthManager