Keycloak Token map to user in my project

I want to map to a user in my persona project.

Here I get the token:
KeycloakPrincipal kp = (KeycloakPrincipal) principal;
IDToken idToken = kp.getKeycloakSecurityContext().getIdToken();

What is “unique” so that I can use that as a key to the local mapped user?

email (but this can change)?


So I am guessing the way is to add a GUID into the user in Keycloak and map that to my project to provide uniqueness (can’t use the email as it can change)?

The id of a user in Keycloak is a UUID and is unique. You can easily use that one to map local users.

I see it is passed across in the subject field.
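Added example, not part of the original posts: one way to key the local user on the token's subject, as the answer suggests, while treating email as a mutable attribute. It goes slightly beyond the answer by pairing the subject with the issuer, since a subject is only unique within one issuer (realm). `LocalUserMapper`, `LocalUser` and the in-memory map are hypothetical stand-ins for the project's own user store, and the Keycloak adapter classes are assumed to be on the classpath.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.representations.IDToken;

public class LocalUserMapper {
    // Hypothetical local user record; email is an attribute, never a key.
    static final class LocalUser {
        final String issuer, subject;
        volatile String email;
        LocalUser(String issuer, String subject) { this.issuer = issuer; this.subject = subject; }
    }

    // Stand-in for a database table with a unique index on (issuer, subject).
    private final Map<String, LocalUser> users = new ConcurrentHashMap<>();

    // Entry point for the adapter principal shown in the question.
    public LocalUser resolve(KeycloakPrincipal<?> kp) {
        IDToken t = kp.getKeycloakSecurityContext().getIdToken();
        return resolve(t.getIssuer(), t.getSubject(), t.getEmail());
    }

    // Look up or create the local user by (issuer, subject) only.
    public LocalUser resolve(String issuer, String subject, String email) {
        if (issuer == null || subject == null || subject.isEmpty()) {
            throw new IllegalArgumentException("token has no iss/sub claim");
        }
        LocalUser u = users.computeIfAbsent(issuer + "|" + subject,
                k -> new LocalUser(issuer, subject));
        u.email = email; // refreshed on every login, not used for lookup
        return u;
    }

    public static void main(String[] args) {
        LocalUserMapper m = new LocalUserMapper();
        // Constructed sample values, not taken from a real realm.
        String iss = "https://sso.example.test/realms/demo";
        String subA = "5f2c1a9e-0000-4000-8000-000000000001";
        String subB = "5f2c1a9e-0000-4000-8000-000000000002";
        LocalUser first = m.resolve(iss, subA, "alice@example.test");
        // Same subject after the user changed their email in Keycloak.
        LocalUser again = m.resolve(iss, subA, "alice.new@example.test");
        // Different subject that later picks up the old email address.
        LocalUser other = m.resolve(iss, subB, "alice@example.test");
        System.out.println("same user after email change: " + (first == again));
        System.out.println("reused email maps to first user: " + (other == first));
    }
}
```

Looking users up by email instead would attach the second account to the first user's local record once the address is reused, which is the case the subject-based key avoids.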