Currently, Wagtail's OAuth2 Introspection endpoint returns only `username` as the ID of the user. Layman currently uses `username` from the endpoint as the OAuth2 `sub` in `src/layman/authn/oauth2/__init__.py`, but Layman also uses the user's "id" from Wagtail's User profile endpoint as the OAuth2 `sub`. This results in an inconsistency in the user's OAuth2 `sub` on Layman, and it could result in unknown bugs.
Because `username` can be easily changed on Wagtail, we prefer to always use the user's "id" as the OAuth2 `sub`.
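The mismatch described in this issue, as an added Python illustration that is not Layman's or Wagtail's code: a record reserved under the profile "id" cannot be found through the `username` path, before or after a rename. The `SubRegistry` class, the `user_id` introspection field and all sample values are constructed assumptions.

```python
# Added illustration; helper names, the "user_id" field and sample data are assumptions.

def sub_from_introspection_username(introspection: dict) -> str:
    """Path described in the issue: username from introspection used as sub."""
    return introspection["username"]


def sub_from_profile_id(profile: dict) -> str:
    """Path described in the issue: "id" from the User profile used as sub."""
    return str(profile["id"])


class SubRegistry:
    """Maps an OAuth2 sub to a local resource, as a resource server would."""

    def __init__(self):
        self._by_sub = {}

    def reserve(self, sub: str, resource: str) -> None:
        self._by_sub[sub] = resource

    def lookup(self, sub: str):
        return self._by_sub.get(sub)


def consistent_sub(introspection: dict, profile: dict) -> str:
    """Preferred behaviour: always key on the immutable id, failing closed if an
    id carried by the introspection response disagrees with the profile."""
    if not introspection.get("active"):
        raise PermissionError("token is not active")
    sub = str(profile["id"])
    token_id = introspection.get("user_id")  # hypothetical field, not on the page
    if token_id is not None and str(token_id) != sub:
        raise PermissionError("introspection and profile identify different users")
    return sub


def demo() -> dict:
    registry = SubRegistry()
    before = {"active": True, "username": "alice"}   # constructed response
    after = {"active": True, "username": "alice2"}   # same user after a rename
    registry.reserve(sub_from_profile_id({"id": 42}), "alice_workspace")
    return {
        "username_before": registry.lookup(sub_from_introspection_username(before)),
        "username_after": registry.lookup(sub_from_introspection_username(after)),
        "id_after": registry.lookup(consistent_sub(after, {"id": 42})),
    }
```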