Remap sub to email

[tobru]

After #259 I'm one step further to authenticate to Forgejo using rauthy.

Now I'm struggling with that error (Forgejo log):

2024/02/08 20:58:07 ...rs/web/auth/oauth.go:937:SignInOAuthCallback() [E] UserSignIn: userinfo 'sub' claim (myemail@example.com) did not match id_token 'sub' claim (MyUiDFromRauthy)

Is there a way to remap the sub field in the JWT to the E-Mail address of the user?

[sebadob]

No, you cannot map this.
This is actually the last small bug on my TODO list before I will release v0.21 (most probably tomorrow).
The sub in the access_token should actually map to the users ID, while the email should only be present in the ID token when email is in the scope.

The email in the access tokens sub is a leftover from an older version. Now everything is based on the 100% stable user ID, while the email might change over time for a user.

edit:

Actually, in the current nightly version are already some fixes and improvements included for the /userinfo.

[sebadob]

I just published v0.21.0-beta1.
You can use these images for testing:

Postgres

ghcr.io/sebadob/rauthy:0.21.0-beta1

SQLite

ghcr.io/sebadob/rauthy:0.21.0-beta1-lite

[tobru]

Just deployed ghcr.io/sebadob/rauthy:0.21.0-beta1-lite and I can confirm that this is solved.