Update the FABRIC service based user identity to be solely based on OIDC claim sub
[x] if email exists as part of the user claims, use it
[x] if email is not found, use sub to query the COmanage API and find the "official" email being used by the user represented by sub
[x] if sub is not found the user is not a valid FABRIC user
Details below
There is an increasing number of non-US based user's coming on board whose identity providers are not populating claims for email, given_name, family_name, and/or name. The only claim that can be counted on is sub (subject identifier)
sub relates to CILogon's understanding of who the user is relative to their database
email had been used by many of FABRIC's internal user identity routines since it was believed to be a commonly presented attribute, this assumption no longer holds true
mjstealey
commented
11 months ago
Update the FABRIC service based user identity to be solely based on OIDC claim
subemailexists as part of the user claims, use itemailis not found, usesubto query the COmanage API and find the "official" email being used by the user represented bysubsubis not found the user is not a valid FABRIC userDetails below
There is an increasing number of non-US based user's coming on board whose identity providers are not populating claims for
email,given_name,family_name, and/orname. The only claim that can be counted on issub(subject identifier)subrelates to CILogon's understanding of who the user is relative to their databaseemailhad been used by many of FABRIC's internal user identity routines since it was believed to be a commonly presented attribute, this assumption no longer holds true