When we renamed the custom `user_id` claim to `sub` in #692, we forgot to adjust its behaviour when `AUTH_JWT_NAMESPACE` is configured.
`user_id` was our custom claim whose name is prone to conflicts when included at the top level of a token. For that reason, developers could define an arbitrarily-named namespace using the `AUTH_JWT_NAMESPACE` configuration option and put the `user_id` claim under that.
`sub` is a registered claim that's defined in the original JWT spec; it is only supposed to be included at the top level, not nested under any namespaces.
When we renamed `user_id` to `sub`, we didn't put any guards in place to ensure that `sub` is only looked up at the top level. As a consequence, putting the `sub` claim under a developer-defined namespace is currently possible, though unintentionally.
To remove the confusion, we should make it so Electric only looks up the `sub` claim at the top level of a token. The namespace configuration option becomes somewhat unnecessary in light of that, but we can keep it as an extension point for when we add support for more custom claims in the future.
This has sprung some confusion in the community; see this thread in Discord: https://discord.com/channels/933657521581858818/1227630648261476352/1227953166763688106
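The two lookups the post contrasts, as an added Python example that is not Electric's code and not part of the original post. It assumes the token has already been signature-verified and decoded into a dict; the function names, the namespace URL, the payloads and the nested-`sub` error message are constructed for illustration.

```python
# Added example, not Electric's code. Claims are assumed to be already
# signature-verified and decoded into a dict.

class ClaimError(ValueError):
    """Raised when the token does not carry a usable top-level `sub`."""


def sub_via_namespace(claims, namespace=None):
    """Lookup as described in the post: with AUTH_JWT_NAMESPACE set,
    `sub` is read from under the namespace key (assumed model)."""
    scope = claims.get(namespace, {}) if namespace else claims
    return scope.get("sub") if isinstance(scope, dict) else None


def sub_top_level_only(claims, namespace=None):
    """Proposed lookup: `sub` is a registered claim, so it is read only
    from the top level; the namespace stays free for custom claims."""
    sub = claims.get("sub")
    if isinstance(sub, str) and sub:
        return sub
    # Assumption: give a specific error when `sub` was nested, so a
    # misconfigured issuer is easy to diagnose.
    nested = claims.get(namespace) if namespace else None
    if isinstance(nested, dict) and "sub" in nested:
        raise ClaimError(f"'sub' found under {namespace!r}; it must be top-level")
    raise ClaimError("missing or invalid top-level 'sub' claim")


# Constructed sample payloads; the namespace URL is a made-up value.
NS = "https://example.com/jwt/claims"
TOP_LEVEL = {"iss": "constructed-issuer", "sub": "user-1"}
NESTED = {"iss": "constructed-issuer", NS: {"sub": "user-2"}}
BOTH = {"iss": "constructed-issuer", "sub": "user-1", NS: {"sub": "user-2"}}

if __name__ == "__main__":
    for name, claims in [("top-level", TOP_LEVEL), ("nested", NESTED), ("both", BOTH)]:
        old = sub_via_namespace(claims, NS)
        try:
            new = sub_top_level_only(claims, NS)
        except ClaimError as exc:
            new = f"rejected: {exc}"
        print(f"{name:10} namespaced={old!r:10} top-level-only={new!r}")
```

The `BOTH` payload is the case worth checking in any verifier: the two lookups resolve the same token to different users, which is the ambiguity a top-level-only rule removes.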