Fix JWT sub claim to carry the actual user ID

The sub claim was hardcoded to the literal string "TokenForTheApiWithAuth"
for every token, making it useless for identifying the principal. It now
holds user.Id, matching the JWT spec and enabling standard token inspection
and future revocation workflows.
This commit is contained in:
2026-07-04 14:47:05 +01:00
parent ab2a617600
commit ea009c46c6

View File

@@ -64,7 +64,7 @@ public sealed class TokenService(IConfiguration configuration)
{
List<Claim> claims =
[
new(JwtRegisteredClaimNames.Sub, "TokenForTheApiWithAuth"),
new(JwtRegisteredClaimNames.Sub, user.Id),
new(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new(JwtRegisteredClaimNames.Iat,
EpochTime.GetIntDate(DateTime.UtcNow).ToString(CultureInfo.InvariantCulture)),