Details
New Feature
Resolution: Unresolved
Minor
Description
Jonathan Zhao
1 day ago
Another finding: Grouper treats grouper_password.username, rather than grouper_password.member_id, as the member_id part in the bearer token.
When creating a JWT key from the UI, a new row is automatically created in table grouper_password with columns "username" and "member_id" set to the same value.
If we change the value of grouper_password.member_id to anything different, the authn still works well.
But if we change the value of grouper_password.username to a different value, the authn fails and reports the error "cannot find public key for ...".
It's very confusing that the member_id in the bearer token (also the one in the UI) is not saved in column grouper_password.member_id but in column grouper_password.username.