Description
Jeffrey Crawford
I think I found a bug with the difference between basic auth and JWT auth. If you are using basic auth and you have the following set to a stem path to allow a basic auth user to be found:
ws.security.prependToUserIdForSubjectLookup = etc:wsusers:
then when doing basic auth, the system correctly prepends the value of whatever is in ws.security.prependToUserIdForSubjectLookup but the JWT method is looking up the user via the member_id and then trying to find the internal subject via the subject_id. However when the WS call tries to find the record, it’s adding the prepend string to the subject_id causing it to fail to be looked up, for example this is the subject_id the web service is trying to look up:
etc:wsusers:81ede5d0e7b0444f9048e60a2fa19359
instead of just:
81ede5d0e7b0444f9048e60a2fa19359 (edited)