(core) Add authSubject and authProvider to sessions

Summary: This also updates Authorizer to link the authSubject to Grist users if not previously linked. Linked subjects are now used as the username for password-based logins, instead of emails, which remain as a fallback. Test Plan: Existing tests, and tested login flows manually. Reviewers: paulfitz Reviewed By: paulfitz Differential Revision: https://phab.getgrist.com/D3356
2026-03-02 04:09:24 +00:00 · 2022-04-11 11:08:44 -07:00
parent 14f7e30e6f
commit 859c593448
9 changed files with 56 additions and 29 deletions
--- a/app/server/lib/BrowserSession.ts
+++ b/app/server/lib/BrowserSession.ts
@@ -19,9 +19,17 @@ export interface SessionUserObj {
   */
  lastLoginTimestamp?: number;

-  // [UNUSED] Authentication provider string indicating the login method used.
+  /**
+   * The authentication provider. (Typically the JWT "iss".)
+   */
  authProvider?: string;

+  /**
+   * Identifier for the user from the authentication provider. (Typically
+   * the JWT "sub".)
+   */
+  authSubject?: string;
+
  // [UNUSED] Login ID token used to access AWS services.
  idToken?: string;