(core) Add authSubject and authProvider to sessions

Summary: This also updates Authorizer to link the authSubject to Grist users if not previously linked. Linked subjects are now used as the username for password-based logins, instead of emails, which remain as a fallback. Test Plan: Existing tests, and tested login flows manually. Reviewers: paulfitz Reviewed By: paulfitz Differential Revision: https://phab.getgrist.com/D3356
2026-03-02 04:09:24 +00:00 · 2022-04-11 11:08:44 -07:00
parent 14f7e30e6f
commit 859c593448
9 changed files with 56 additions and 29 deletions
--- a/app/common/UserAPI.ts
+++ b/app/common/UserAPI.ts
@@ -135,6 +135,8 @@ export interface Document extends DocumentProperties {
 export interface UserOptions {
  // Whether signing in with Google is allowed. Defaults to true if unset.
  allowGoogleLogin?: boolean;
+  // The "sub" (subject) from the JWT issued by the password-based authentication provider.
+  authSubject?: string;
  // Whether user is a consultant. Consultant users can be added to sites
  // without being counted for billing. Defaults to false if unset.
  isConsultant?: boolean;