Identifying users by source and source-id
It is possible to have users in CUE Content Store identified by a unique source and source-id from the IAM system instead of a username. This makes it possible to change a user's username (login name), for example if the person changes name in real life, while still being the same person in CUE Content Store.
By default, CUE User Manager will generate source and source-id based on the name of the IAM provider and the subject identifier included in the id token returned from the IAM.
The source and source-id will be included in the JSON response from the
https://um.example.com/user/me
webservice like so:
{ .. "source": "keycloak", "sourceId": "00u12efkyrMnlKKlL5d7" .. }
It is possible to override the default values by extending the OIDC
client configuration in the IAM backend to include a source and
source-id in custom
OIDC
claims. The claims must be named source
and
source_id
, and they must be included in
the
OIDC UserInfo endpoint.