Auth Token Value Change

By: Minhyung Kim user 30 Oct 2020 at 4 a.m. CDT

8 Responses
Minhyung Kim gravatar
We have been using Gluu Server 4.1 until now and have upgraded to 4.2 recently and noticed a change that breaks our current process of authenticating users. When we request an auth token via the "https://<server host>/oxauth/restv1/token" endpoint, we get back "id_token" which is a JWT token containing the following values: ## Version 4.1 ``` { "aud": "f4bb5b97-734b-4c42-8c3c-fe7980498b11", "sub": "40fbc1ca-4df9-4140-95b8-cc020012c963", "iss": <server host>, "exp": 1604048866, "iat": 1604045266, "oxOpenIDConnectVersion": "openidconnect-1.0" } ``` ## Version 4.2 ``` { "aud": "83fe0fb4-4dc0-4bdc-9aa3-2cb5a0e7ff02", "sub": "mrchaos", "iss": <server host>, "exp": 1604048957, "iat": 1604045357, "oxOpenIDConnectVersion": "openidconnect-1.0" } ``` ## Our Question: Is there any way for us to put the inum value in sub instead of UID?
Ubuntu 18.04
closed

Answers

By Michael Schwartz Account Admin 30 Oct 2020 at 10:49 a.m. CDT

Copy
Michael Schwartz gravatar
Very strange. In the oxAuth JSON properties, look for `openidSubAttribute`. Is that still set to inum?

By Minhyung Kim user 01 Nov 2020 at 6:11 p.m. CST

Copy
Minhyung Kim gravatar
Yes, the openidSubAttribute is set as "inum"

By Michael Schwartz Account Admin 01 Nov 2020 at 8:42 p.m. CST

Copy
Michael Schwartz gravatar
This property can be overridden on a per client basis. Can you review the client config settings?

By Minhyung Kim user 01 Nov 2020 at 8:53 p.m. CST

Copy
Minhyung Kim gravatar
![](https://www.linkpicture.com/q/client.png) This is our client config settings. Which setting are you referring to? How would we be able to override the sub property?

By Michael Schwartz Account Admin 01 Nov 2020 at 9:09 p.m. CST

Copy
Michael Schwartz gravatar
Minhyung: You're right--I don't see it either. I thought this was a feature, but I must have imagined it. I created an issue to track the enhancement request: https://github.com/GluuFederation/oxAuth/issues/1489 @Mohit.Mali: Can you see if you can replicate this issue. If so, it's a bug that must be fixed in 4.2.2.

By Mohit Mali staff 02 Nov 2020 at 4:24 a.m. CST

Copy
Mohit Mali gravatar
Hi All, I am able to replicate this bug. Thanks and Regards Mohit Mali

By Yuriy Zabrovarnyy staff 03 Nov 2020 at 11:46 a.m. CST

Copy
Yuriy Zabrovarnyy gravatar
Would you please provide full request/response ? It is possible to get user name if you use Resource Owner Password Grant. It was done based on: https://github.com/GluuFederation/oxAuth/issues/1325

By Yuriy Zabrovarnyy staff 03 Nov 2020 at 12:14 p.m. CST

Copy
Yuriy Zabrovarnyy gravatar
We scheduled ticket on 4.2.2 to get consistent behavior for ROPC as well https://github.com/GluuFederation/oxAuth/issues/1491

Post an answer