Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-15514

Add functionality to modify the sub at the module level to override the access_token/refresh_token

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.5.2.1
    • Fix Version/s: None
    • Component/s: oauth2
    • Labels:
    • Support Ticket IDs:

      Description

      Provide a way to change which attribute is mapped to the sub in the  access_token/refresh_token.

      Usecase is where users are allowed to change their userId(cn) and an internal guid is used to identify a user. Customer would like to be able to configure the sub at the module level and be able to override the general settings at the clientid level.

      This is very similar to https://bugster.forgerock.org/jira/browse/OPENAM-7878 however customer would like to be able to update access and refresh token because it should be consistent across the tokens. Because if id_token has different sub than access_token it is a contradiction especially when the authentication sub is to be hidden by replacing with other attribute.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                jordan.kasper Jordan Kasper
              • Votes:
                1 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated: