[OIDC] Specify https://authgear.com/claims/user/identities claim#5741
[OIDC] Specify https://authgear.com/claims/user/identities claim#5741carmenlau wants to merge 4 commits into
Conversation
| "created_at": "2024-01-01T00:00:00Z", | ||
| "updated_at": "2024-01-01T00:00:00Z", | ||
| "login_id_key": "email" | ||
| } |
There was a problem hiding this comment.
I think it’s okay for different APIs to have different shapes as long as they are well documented and easy to understand, but we should keep the terminology consistent. (We could discuss)
Initially, I was wondering whether we should use the term login_id, since it feels more like an internal implementation detail to me. But after checking across different components, login_id has already been used in several places, so I think it’s fine to use it here as well.
For reference, how do the other APIs handle the login_id identity:
Auth flow api
https://docs.authgear.com/customization/custom-ui/authentication-flow-api
User import api
https://docs.authgear.com/reference/apis/user-import-api#initiate-import
User search
https://docs.authgear.com/reference/apis/admin-api/api-examples/search-for-users#search-users-by-email
There was a problem hiding this comment.
It seems very different...
Can we map a data model behind that we can make it more consistent?
There was a problem hiding this comment.
Let me draft something about it.
| "type": "login_id", | ||
| "created_at": "2024-01-01T00:00:00Z", | ||
| "updated_at": "2024-01-01T00:00:00Z", | ||
| "login_id_key": "email" |
There was a problem hiding this comment.
I think login_id_type is more useful than login_id_key, I suggest to expose both.
There was a problem hiding this comment.
I think I’ve fixed them up. It seems that the key has the same value as type. Is there any case where the key would be different?
There was a problem hiding this comment.
key is a user defined value in authgear.yaml. See identity.login_id.keys[].key. And type is a enum, only email, username, phone.
Example:
identity:
login_id:
keys:
- create_disabled: false
delete_disabled: false
key: email <-- this is key, can be any value
max_length: 320
type: email
update_disabled: false
- create_disabled: false
delete_disabled: false
key: phone
max_length: 40
type: phone
update_disabled: false
- create_disabled: false
delete_disabled: false
key: username
max_length: 40
type: username
update_disabled: falseThere was a problem hiding this comment.
OK, they are the same in my case just because the config is created by the portal. Let me update it to expose both.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ref DEV-3606