Tyooughtul commented on issue #1762: URL: https://github.com/apache/iggy/issues/1762#issuecomment-3797843440
I’ve run into an identity mapping issue and I’d like to get your thoughts on: Iggy’s internal JwtClaims expects the sub claim to be a u32 (our internal user ID), but external IdPs like Google/Okta return sub as a string (e.g. "google-oauth2|1076..."). This triggers a serde deserialization failure and the token gets rejected immediately. Two solutions I’ve considered so far: Require external tokens to include a custom claim (e.g. https://iggy.rs/uid) that holds the internal Iggy u32 user ID – we’d prioritize this claim during validation. Maintain a lookup table in Iggy’s database that maps external subject strings to internal u32 user IDs, and resolve the ID via this table when validating tokens. Wondering if you have a better approach or other ideas to solve this? Thanks!😊 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
