-
Notifications
You must be signed in to change notification settings - Fork 360
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use username as token subject in STS login #7637
Conversation
No linked issues found. Please add the corresponding issues in the pull request description. |
I don't understand:
Why? I would expect the name of the user to be mutable, whereas the external user ID is literally the identity of the user and should be immutable. I can certainly understand adding the name of the user to the token. Why does it have to be the subject? |
@arielshaqed I agree, yet the User model doesn't have a user ID |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
one day we'll have IDs
@arielshaqed, the middleware currently expects the subject to be username, which is also the subject that is used in the login flow. It might not be ideal, but the purpose of this PR is to align sts with the login flow |
Thanks! Not in any way blocking this PR. |
Description
Currently, the STS login endpoint uses the externalID as the subject instead of the username. The token subject should be the username