Update the FABRIC service based user identity to be solely based on OIDC claim sub
[x] if email exists as part of the user claims, use it
[x] if email is not found, use sub to query the COmanage API and find the "official" email being used by the user represented by sub
[x] if sub is not found the user is not a valid FABRIC user
Details below
There is an increasing number of non-US based users coming on board whose identity providers are not populating claims for email, given_name, family_name, and/or name. The only claim that can be counted on is sub (subject identifier).
sub relates to CILogon's understanding of who the user is relative to their database.
email had been used by many of FABRIC's internal user identity routines since it was believed to be a commonly presented attribute; this assumption no longer holds true.
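The three-step resolution listed above, sketched as an added example (not FABRIC's own code). The `lookup_email_by_sub` callable is a hypothetical stand-in for the COmanage API query, and the registry contents and sub values are constructed sample data.

```python
from dataclasses import dataclass
from typing import Callable, Mapping, Optional


class NotAFabricUser(Exception):
    """Raised when the token has no usable sub or the sub is unknown."""


@dataclass(frozen=True)
class ResolvedIdentity:
    sub: str           # identity key: CILogon subject identifier
    email: str         # contact attribute only, never the identity key
    email_source: str  # "claims" or "comanage"


def _clean(value: object) -> Optional[str]:
    """Return a stripped non-empty string, else None (IdPs may send '' or null)."""
    if isinstance(value, str) and value.strip():
        return value.strip()
    return None


def resolve_identity(
    claims: Mapping[str, object],
    lookup_email_by_sub: Callable[[str], Optional[str]],
) -> ResolvedIdentity:
    sub = _clean(claims.get("sub"))
    if sub is None:
        # Without sub there is nothing to key the identity on.
        raise NotAFabricUser("token carries no sub claim")

    email = _clean(claims.get("email"))
    if email is not None:
        return ResolvedIdentity(sub, email, "claims")

    # Hypothetical COmanage lookup: returns None when the sub is unknown.
    official = _clean(lookup_email_by_sub(sub))
    if official is None:
        raise NotAFabricUser(f"sub {sub!r} not found in COmanage")
    return ResolvedIdentity(sub, official, "comanage")


# Constructed sample data: in-memory registry standing in for COmanage.
REGISTRY = {"http://cilogon.org/serverA/users/1001": "alice@example.org"}
```

Passing `REGISTRY.get` as the lookup exercises all three branches offline; a blank or whitespace-only `email` claim is treated the same as a missing one.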