Replies: 1 comment
Hi, I ran into the same problem. In the end I changed the subject mode in the provider settings from the default to UUID, which can then be used as a parameter to filter the core user list from the API.
Currently, the default provider setting for subject mode is "User's hashed ID". This means that when authentik provides the client with the token, the sub field on the token is set to the user's genericised "uid" value in authentik. However, as you have said, you are unable to query the user list API with a uid parameter - I'm guessing for security reasons? So if you're, say, using the sub value from the user's token in a separate backend system that also needs to query the authentik API, you're better off using the UUID rather than the hashed user ID.
Edit: oh, I should add you'll need to remove all hyphens ("-") from the UUID before querying. The API doesn't accept them.
If there are no security issues with querying the API for hashed ID directly, then perhaps one day it could be added as a query parameter.
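The lookup described in the reply above, as an added example that is not part of the original discussion and not authentik's own code: it validates the `sub` claim as a UUID, strips the hyphens, builds the user-list query, and accepts the result only if exactly one user matches. It assumes the provider's subject mode is set to UUID, that the user list is served at `/api/v3/core/users/` with a `uuid` filter, and that the response carries a `results` list; the function names, host, sample `sub` and sample response are constructed for illustration.

```python
import uuid
from urllib.parse import urlencode

# Assumption: path of authentik's core user list; adjust to your deployment.
USERS_ENDPOINT = "/api/v3/core/users/"


def users_query_for_sub(base_url: str, sub: str) -> str:
    """Build the user-list URL for a `sub` claim issued in UUID subject mode."""
    try:
        # Rejects anything that is not a well-formed UUID, e.g. a hashed-ID
        # sub (64 hex chars) or a value carrying extra query parameters.
        parsed = uuid.UUID(sub)
    except (ValueError, AttributeError, TypeError) as exc:
        raise ValueError("sub is not a UUID; check the provider's subject mode") from exc
    # .hex is always 32 lowercase hex digits with the hyphens removed.
    query = urlencode({"uuid": parsed.hex})
    return f"{base_url.rstrip('/')}{USERS_ENDPOINT}?{query}"


def match_single_user(sub: str, response: dict) -> dict:
    """Return the one user whose uuid equals `sub`; raise otherwise (fail closed)."""
    wanted = uuid.UUID(sub).hex
    hits = [u for u in response.get("results", [])
            if uuid.UUID(u["uuid"]).hex == wanted]
    if len(hits) != 1:
        raise LookupError(f"expected exactly one user for sub, got {len(hits)}")
    return hits[0]


# Constructed sample data, not real authentik output.
SAMPLE_SUB = "3f2b8c1e-9a47-4d6b-8e55-0c1d2a3b4c5d"
SAMPLE_RESPONSE = {
    "results": [
        {"pk": 7, "username": "alice",
         "uuid": "3f2b8c1e-9a47-4d6b-8e55-0c1d2a3b4c5d"},
    ]
}

if __name__ == "__main__":
    print(users_query_for_sub("https://authentik.example.com", SAMPLE_SUB))
    print(match_single_user(SAMPLE_SUB, SAMPLE_RESPONSE)["username"])
```

Comparing the returned `uuid` against the claim, rather than trusting the first result, keeps the backend from linking the wrong account if the filter is ignored or the response is empty.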

Hello,
I use Authentik with a custom Django REST Framework backend, and I link users using the sub identifier from the OAuth claims.
Looking at the Authentik source code (https://github.com/goauthentik/authentik/blob/main/authentik/core/models.py#L390), I saw that the sub maps to the uid property of the User model.
However, I can’t find a way to filter users by this identifier via the API. As far as I know, it’s not possible to filter directly on a Python property.
Does anyone have an idea on how to efficiently filter users by this property?
Regards,