In a Spring Security OAuth2 project with Spring Boot and Keycloak with Authorization Code grant type I see some difference in the structure of the access token with regard to where the username of the logged-in user is put, in comparison with the access token from my earlier try with the Spring Security Authorization Server experimental project.
I thought OAuth2 is a standard, so at least some parts of the access token JSON must be the same.
Spring Security OAuth2 Authorization Server (experimental)
PAYLOAD:DATA
{
  "sub": "aadmin",
  …
}
Keycloak
PAYLOAD:DATA
{
  "sub": "95a3d678-75fa-4a4c-84d4-4d5df1facbb2",
  "preferred_username": "aadmin",
  …
}
I don’t know which version is closer to the OAuth2 standard.
Is this a configuration on the Keycloak side, so that the username of the logged-in user is put into the preferred_username attribute? Can this be configured to be in the sub attribute?
Right now I use only Keycloak, but to be closer to the OAuth2 standard, and also more flexible if someone in the project decides to switch the authorization server, I would like my code in the frontend and backend not to have to be modified much if I have to obtain some information from the access token.
If I expect the username of the logged-in user to always be in the sub attribute, my code just has to access that attribute. It would be cumbersome if it depended on the authorization server used, and were in a different attribute every time.
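
One way to keep the claim name out of backend code on a Spring Security resource server, as an added example that is not part of the original post or of either project. The property name `app.security.username-claim`, the class names and the `/whoami` endpoint are assumptions made for illustration; `setPrincipalClaimName` is Spring Security's own setter on `JwtAuthenticationConverter`.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Configuration
public class ResourceServerConfig {

    // The claim that carries the username is read from configuration
    // (hypothetical property; defaults to "sub"), so switching the
    // authorization server changes one property and no application code.
    @Bean
    JwtAuthenticationConverter jwtAuthenticationConverter(
            @Value("${app.security.username-claim:sub}") String usernameClaim) {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        // The chosen claim becomes Authentication.getName() after the JWT
        // signature and standard claims have been validated by the decoder.
        converter.setPrincipalClaimName(usernameClaim);
        return converter;
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http,
                                    JwtAuthenticationConverter converter) throws Exception {
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .oauth2ResourceServer(rs -> rs.jwt(jwt ->
                    jwt.jwtAuthenticationConverter(converter)));
        return http.build();
    }
}

// Hypothetical controller: application code asks for the principal name
// and never refers to "sub" or "preferred_username" directly.
@RestController
class WhoAmIController {

    @GetMapping("/whoami")
    String whoami(Authentication authentication) {
        return authentication.getName();
    }
}
```

For the Keycloak token shown above the property would be set to `preferred_username`. OpenID Connect Core only guarantees `sub` (together with `iss`) as a stable, unique identifier, so `preferred_username` suits display and not database keys or authorization decisions.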