Problem statement
After reading documentation around ID Token Structure, the following points are still unclear:
- what does an ID Token’s Subject (sub) claim contain?
- what does this claim mean?
- what format(s) can it take?
Solution
The Subject (sub) claim is populated with the user’s user_id attribute. This attribute takes the form of [provider]|[local part]:
- The provider will indicate the strategy being used, such as: auth0, google-oauth2, github, etc.
- The local part is flexible in the following ways:
  - It can be explicitly set on account creation
  - If not explicitly set during account creation, it will be a hex string, e.g. 5c6b52fd451bd02197ecbd5f
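The following added example (not part of the original article and not Auth0 code) shows one way an application could parse a sub value in the [provider]|[local part] form without assuming the local part is always a hex string. The names parse_sub, Subject and account_key are hypothetical, and splitting on the first | only is an assumption made here because the local part can be set to arbitrary values.

```python
import re
from typing import NamedTuple

# Matches a local part made up only of hex digits, like the default shown above.
_HEX = re.compile(r"[0-9a-fA-F]+")


class Subject(NamedTuple):
    provider: str       # strategy, e.g. "auth0", "google-oauth2", "github"
    local_part: str     # explicitly set value or generated hex string
    local_is_hex: bool  # hint only: True when the local part is all hex digits


def parse_sub(sub: str) -> Subject:
    """Split a sub claim of the form [provider]|[local part]."""
    if not isinstance(sub, str):
        raise ValueError("sub must be a string")
    # Assumption: split on the FIRST "|" only, so a custom local part
    # that itself contains "|" is preserved intact.
    provider, sep, local = sub.partition("|")
    if not sep or not provider or not local:
        raise ValueError(f"sub is not in provider|local form: {sub!r}")
    return Subject(provider, local, _HEX.fullmatch(local) is not None)


def account_key(sub: str) -> str:
    """Return the value to key application records on.

    The whole claim is used, not the local part alone: a local part can be
    set explicitly, so the same local part under two providers must not be
    treated as the same user.
    """
    parse_sub(sub)  # validate the shape, then keep the claim unchanged
    return sub


if __name__ == "__main__":
    # Sample values: the first uses the hex string from the article,
    # the others are constructed for illustration.
    for value in ("auth0|5c6b52fd451bd02197ecbd5f",
                  "github|custom-id-42",
                  "auth0|tenant|alice"):
        print(value, "->", parse_sub(value))
```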