Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generic OAuth: Use sub claim #64688

Closed
Jguer opened this issue Mar 13, 2023 · 0 comments · Fixed by #65902
Closed

Generic OAuth: Use sub claim #64688

Jguer opened this issue Mar 13, 2023 · 0 comments · Fixed by #65902
Assignees
@kalleep
Labels
area/auth/oauth team/identity-access type/feature-request

Comments

@Jguer
Copy link
Contributor

Jguer commented Mar 13, 2023

Allow Generic OAuth to use the unique sub claim for user matching in addition to email through the user_auth.auth_id. (This is already the case in auth jwt and okta for example)

sub
REQUIRED. Subject Identifier. A locally unique and never reassigned identifier within the Issuer for the End-User, which is intended to be consumed by the Client, e.g., 24400320 or AItOawmwtWwcT0k51BayewNvutrJUqsvl6qs7A4. It MUST NOT exceed 255 ASCII characters in length. The sub value is a case sensitive string.

Definition of Done:

  • sub claim is used in Generic OAuth to match users

Questions:

Implement as default behavior or opt-in?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kalleep kalleep

Labels
area/auth/oauth team/identity-access type/feature-request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

GenericOAuth: Set sub as auth id grafana/grafana
2 participants
@Jguer @kalleep