mirror of
https://github.com/claunia/marechai.git
synced 2026-07-08 17:57:08 +00:00
Fix JWT sub claim to carry the actual user ID
The sub claim was hardcoded to the literal string "TokenForTheApiWithAuth" for every token, making it useless for identifying the principal. It now holds user.Id, matching the JWT spec and enabling standard token inspection and future revocation workflows.
This commit is contained in:
@@ -64,7 +64,7 @@ public sealed class TokenService(IConfiguration configuration)
|
||||
{
|
||||
List<Claim> claims =
|
||||
[
|
||||
new(JwtRegisteredClaimNames.Sub, "TokenForTheApiWithAuth"),
|
||||
new(JwtRegisteredClaimNames.Sub, user.Id),
|
||||
new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
|
||||
new(JwtRegisteredClaimNames.Iat,
|
||||
EpochTime.GetIntDate(DateTime.UtcNow).ToString(CultureInfo.InvariantCulture)),
|
||||
|
||||
Reference in New Issue
Block a user