By: Chris Lumpkin user 24 Nov 2020 at 9:33 a.m. CST

2 Responses

I'm authenticating a user to oxAuth and getting an id token and access token, both as JWT per OpenID client config. The oxAuth config attribute `openidSubAttribute` is set to `inum`. The id/access tokens generated for a user with `inum` = `2d7b4790-9fbf-4179-ac0f-a021afb35548` are consistently coming back with `sub` = `QZFG5n9yGTGGhLwpxLCXzcopejHCaFi3U6MTR4BIxMI`. What encoding/encryption is being used here? Access token response payload: ``` { "aud": "60b04c43-ff49-4310-89c9-d6183ad3e6c5", "sub": "QZFG5n9yGTGGhLwpxLCXzcopejHCaFi3U6MTR4BIxMI", "x5t#S256": "", "scope": [ "openid", "profile", "offline_access" ], "iss": "https://auth.tcpdev.org", "token_type": "bearer", "exp": 1606156457, "iat": 1606152857, "client_id": "60b04c43-ff49-4310-89c9-d6183ad3e6c5", "username": "test" } ``` ID token response payload: ``` { "at_hash": "k7uRkn-Gfudi42EBvWoVLw", "aud": "60b04c43-ff49-4310-89c9-d6183ad3e6c5", "acr": "simple_password_auth", "c_hash": "BUXD36OBkkh03j9AGkJaVA", "sub": "QZFG5n9yGTGGhLwpxLCXzcopejHCaFi3U6MTR4BIxMI", "amr": [ "-1" ], "auth_time": 1606152844, "iss": "https://auth.tcpdev.org", "exp": 1606156457, "iat": 1606152857, "sid": "9cb5a62b-a44c-401c-9704-449251874a69", "oxOpenIDConnectVersion": "openidconnect-1.0" } ```

Docker 19.0

closed

By Chris Lumpkin user 24 Nov 2020 at 10 a.m. CST

Copy

I fixed the client config by changing subject type to `Public`.

By Michael Schwartz Account Admin 24 Nov 2020 at 10:12 a.m. CST

Copy

haha... that was going to be my first question.

You need to Login in order to post an answer

Obfuscation of 'sub' claim in id/access tokens

By: Chris Lumpkin user 24 Nov 2020 at 9:33 a.m. CST

Answers

By Chris Lumpkin user 24 Nov 2020 at 10 a.m. CST

By Michael Schwartz Account Admin 24 Nov 2020 at 10:12 a.m. CST

Post an answer