Fix user identifier in ID token generation

Updated the ID token generation to use the actual user ID instead of the username. This change ensures that the token is generated with the correct user identifier, aligning with expected authentication practices and potentially resolving issues related to user identification in tokens. This aligns more closely with the intended use of the 'sub' claim in token standards.
azutoolkit · Oct 19, 2024 · bdde441 · bdde441
1 parent 0832c2c
commit bdde441
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/src/authly/owner.cr b/src/authly/owner.cr
@@ -29,10 +29,10 @@ module Authly
     def id_token(user_id : String) : Hash(String, String | Int64)
       user = find! { |owner| owner.username == user_id }
       {
-        "sub"   => user_id,
-        "iat"   => Time.utc.to_unix,
-        "exp"   => Authly.config.access_ttl.from_now.to_unix,
-        "iss"   => Authly.config.issuer,
+        "sub" => user.id,
+        "iat" => Time.utc.to_unix,
+        "exp" => Authly.config.access_ttl.from_now.to_unix,
+        "iss" => Authly.config.issuer,
       }
     end