From bdde441a85f2a147d1170e409c13010dc4c9dd73 Mon Sep 17 00:00:00 2001
From: eliasjpr <eliasjpr@gmail.com>
Date: Fri, 18 Oct 2024 20:01:48 -0400
Subject: [PATCH] Fix user identifier in ID token generation

Updated the ID token generation to use the actual user ID instead of the username. This change ensures that the token is generated with the correct user identifier, aligning with expected authentication practices and potentially resolving issues related to user identification in tokens. This aligns more closely with the intended use of the 'sub' claim in token standards.
---
 src/authly/owner.cr | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/authly/owner.cr b/src/authly/owner.cr
index 81ab3ec..9ede4c9 100644
--- a/src/authly/owner.cr
+++ b/src/authly/owner.cr
@@ -29,10 +29,10 @@ module Authly
     def id_token(user_id : String) : Hash(String, String | Int64)
       user = find! { |owner| owner.username == user_id }
       {
-        "sub"   => user_id,
-        "iat"   => Time.utc.to_unix,
-        "exp"   => Authly.config.access_ttl.from_now.to_unix,
-        "iss"   => Authly.config.issuer,
+        "sub" => user.id,
+        "iat" => Time.utc.to_unix,
+        "exp" => Authly.config.access_ttl.from_now.to_unix,
+        "iss" => Authly.config.issuer,
       }
     end