Describe the desired outcome from the user's perspective
As an app developer, I need to configure my application's concept of user identifier with a stable value that is not dynamically generated.
Acceptance criteria
- Support configuration of a custom
jwt token claim to return as guarded identity value
- Continue to use
sub claim by default, for backwards compatibility
Additional context
Note that keycloak creates a dynamic internal identifier used as sub claim in jwt access token for authorized users, whereas preferred_username claim is required to be unique and is also stable.
Describe the desired outcome from the user's perspective
As an app developer, I need to configure my application's concept of user identifier with a stable value that is not dynamically generated.
Acceptance criteria
jwttoken claim to return as guardedidentityvaluesubclaim by default, for backwards compatibilityAdditional context
Note that
keycloakcreates a dynamic internal identifier used assubclaim injwtaccess token for authorized users, whereaspreferred_usernameclaim is required to be unique and is also stable.