
Why is 'id' called 'sub' in keycloak?

I'm looking at the new Keycloak Beta 4 API. When I get the user's account information, what is referred to as 'id' in the web UI comes back as 'sub' in the account object.

{ sub: '25a37fd0-d10e-40ca-af6c-821f20e01be8',
  name: 'Barrack Obama',
  preferred_username: '[email protected]',
  given_name: 'Barrack',
  family_name: 'Obama',
  email: '[email protected]' }

What is 'sub' and is this a safe uuid to map database objects to?

Jack Murphy asked May 17 '18 17:05


1 Answer

As per the Keycloak documentation:

Anatomy of Action Token

Action token is a standard Json Web Token signed with active realm key where the payload contains several fields:

typ - Identification of the action (e.g. verify-email)

iat and exp - Times of token validity

sub - ID of the user

azp - Client name

iss - Issuer - URL of the issuing realm

aud - Audience - list containing URL of the issuing realm

asid - ID of the authentication session (optional)

nonce - Random nonce to guarantee uniqueness of use if the operation can only be executed once (optional)

Please refer to the following link: https://www.keycloak.org/docs/latest/server_development/index.html#_action_token_anatomy

The reason may be that they want to retain the uniqueness in the name.

Subodh Joshi answered Sep 20 '22 02:09
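
Added example, not part of the answer above and not Keycloak's own code: `sub` is the standard JWT subject claim, and this Node.js code verifies an RS256-signed token and then keys local records on the issuer plus `sub` rather than on mutable fields such as `email`. The key pair, the realm URL and the function names are constructed for the example.

```javascript
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const fromB64url = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Constructed fixtures: a throwaway RSA key pair stands in for the realm key,
// and ISSUER is a hypothetical realm URL.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const ISSUER = 'https://sso.example.test/auth/realms/demo';

// Test helper: sign a claims object as an RS256 JWT.
function signToken(claims, key = privateKey) {
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${head}.${body}`), key);
  return `${head}.${body}.${b64url(sig)}`;
}

// Verify the token, then return the key to store against local records.
// Throws on anything that makes the claims untrustworthy.
function userKeyFromToken(token, realmKey, expectedIssuer, now = Date.now() / 1000) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  // Pin the algorithm; do not let the token header choose it.
  if (fromB64url(head).alg !== 'RS256') throw new Error('unexpected alg');
  const signed = Buffer.from(`${head}.${body}`);
  if (!crypto.verify('RSA-SHA256', signed, realmKey, Buffer.from(sig, 'base64url'))) {
    throw new Error('bad signature');
  }
  const claims = fromB64url(body);
  if (claims.iss !== expectedIssuer) throw new Error('wrong issuer');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (typeof claims.sub !== 'string' || claims.sub === '') throw new Error('missing sub');
  // sub is only unique within one issuer, so the pair is the identifier.
  return `${claims.iss}|${claims.sub}`;
}

// Constructed sample: same user before and after an e-mail change.
const exp = Math.floor(Date.now() / 1000) + 300;
const sub = '25a37fd0-d10e-40ca-af6c-821f20e01be8'; // the sub value from the question
const before = signToken({ iss: ISSUER, sub, exp, email: 'old@example.test' });
const after = signToken({ iss: ISSUER, sub, exp, email: 'new@example.test' });
console.log(userKeyFromToken(before, publicKey, ISSUER));
console.log(userKeyFromToken(before, publicKey, ISSUER) === userKeyFromToken(after, publicKey, ISSUER));
```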