Access token JWT returns "DISPLAY NAME" in the "username" field

By: Sidharth Nair user 16 Dec 2019 at 12:30 a.m. CST

2 Responses
Sidharth Nair gravatar
During an openid-connect request, when the openid client is configured to return access token as JWT, the JWT received in the response parameter has a "username" field. Currently in my installation, the value set for this field is the Display name for the user instead of the username itself. Is this the expected behaviour? If not how would i fix the mapping? ##Received payload: { "aud": "********-****-****-****-************", "sub": "************_******************", "x5t#S256": "", "scope": [ "phone", "openid", "user_name", "mobile_phone", "email" ], "iss": "https://llogin.xyz.com", "token_type": "bearer", "exp": 1576477069, "iat": 1576477019, "client_id": "f4e44c9b-28e1-4a0d-bd43-18823d30b4af", "username": "DISPLAY NAME" } ##Expected payload: { "aud": "********-****-****-****-************", "sub": "************_******************", "x5t#S256": "", "scope": [ "phone", "openid", "user_name", "mobile_phone", "email" ], "iss": "https://llogin.xyz.com", "token_type": "bearer", "exp": 1576477069, "iat": 1576477019, "client_id": "f4e44c9b-28e1-4a0d-bd43-18823d30b4af", "username": "username" }
Gluu 4.0 Ubuntu 18.04
closed

Answers

By Mohit Mali staff 16 Dec 2019 at 1:05 a.m. CST

Copy
Mohit Mali gravatar
Hi Sidharth Nair, Thank you for reaching out gluu support , Let me pull out right information for you please allow me a moment. Thanks and Regards Mohit Mali

By Aliaksandr Samuseu staff 17 Dec 2019 at 6:46 p.m. CST

Copy
Aliaksandr Samuseu gravatar
Hi, Sidharth. I've looked up some my previous talks with developer on this. >I think current implementation have username because it’s introspection response, we can’t say just displayName >because displayName of what? >that’s is the reason of username which in fact is display name. Maybe we don’t need it at all. >re: sub, we have it already, so it looks good >we have introspection script, customers can modify it in what ever way they want So, apparently it's not a bug, the name of this field is enforced by the spec, but it was decided that it will be more useful when carrying displayName's value instead. In any case, you should be able to modify contents of this token via custom interospection script. Please give it a try.

Post an answer