🦎 A multi-protocol edge & service proxy. Seamlessly interface web apps, IoT clients, & microservices to Apache Kafka® via declaratively defined, stateless APIs.
Describe the desired outcome from the user's perspective
As an app developer, I need to configure my application's concept of user identifier with a stable value that is not dynamically generated.
Acceptance criteria
Support configuration of a custom jwt token claim to return as guarded identity value
Continue to use sub claim by default, for backwards compatibility
Additional context
Note that keycloak creates a dynamic internal identifier used as sub claim in jwt access token for authorized users, whereas preferred_username claim is required to be unique and is also stable.
Describe the desired outcome from the user's perspective As an app developer, I need to configure my application's concept of user identifier with a stable value that is not dynamically generated.
Acceptance criteria
jwttoken claim to return as guardedidentityvaluesubclaim by default, for backwards compatibilityAdditional context Note that
keycloakcreates a dynamic internal identifier used assubclaim injwtaccess token for authorized users, whereaspreferred_usernameclaim is required to be unique and is also stable.