Spring Security OAuth2 project with
Spring Boot and
Authorization Code grant type I see some difference in the structure of the access token in regards where the username of the logged in user is put, in comparison with the access token from my earlier try with the
Spring Security Authorization Server experimental project.
OAuth2 is a standard, so at least some parts of the access token
JSON must be the same.
Spring Security OAuth2 Authorization Server (experimental)
I don’t know which version is more close to the
Is this on
Keycloak side a configuration, so that the username of the logged in user is put into the
preferred_username attribute? Can this be configured to be in the
I right now use only
Keycloak, but to be more close to the
OAuth2 standard, and also more flexible if someone in the project decides to switch the authorization server, I would like my code in the frontend and backend not to be modified much, if I have to obtain some information from the access token.
If I expect the username of the logged in user to be always in the
sub attribute, my code just has to access that attribute. It would be cumbersome if it is dependent on the authorization server used, and everytime in a different attribute.