fix(jans-auth-server): set sub claim to client identifier for "client credentials grant" for AT as JWT

Description

fix(jans-auth-server): set sub claim to client identifier for "client credentials grant" for AT as JWT

reported in #11402

According to RFC 9068 the sub claim should be included in client credentials JWT.

REQUIRED - as defined in Section 4.1.2 of [RFC7519]. In cases of access tokens obtained through grants where a resource owner is involved, such as the authorization code grant, the value of "sub" SHOULD correspond to the subject identifier of the resource owner. In cases of access tokens obtained through grants where no resource owner is involved, such as the client credentials grant, the value of "sub" SHOULD correspond to an identifier the authorization server uses to indicate the client application. See Section 5 for more details on this scenario. Also, see Section 6 for a discussion about how different choices in assigning "sub" values can impact privacy.

https://datatracker.ietf.org/doc/html/rfc9068#section-2.2

Test cases and code coverage
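
The RFC 9068 rule quoted in the description, as an added illustration that is not part of this pull request or the Janssen code base: the first function picks `sub` by grant type, the second is a resource-server check that reports a token lacking any claim section 2.2 marks REQUIRED. The function names, issuer, audience and client values are hypothetical and constructed for the example; signature and `typ` header verification are assumed to happen elsewhere.

```python
import time
import uuid

# Claims that RFC 9068 section 2.2 marks REQUIRED in a JWT access token.
REQUIRED_CLAIMS = ("iss", "exp", "aud", "sub", "client_id", "iat", "jti")

def build_at_claims(issuer, audience, client_id, grant_type,
                    user_sub=None, lifetime=300, now=None):
    """Authorization-server side: choose 'sub' by grant type (hypothetical helper)."""
    now = int(time.time()) if now is None else now
    if grant_type == "client_credentials":
        sub = client_id  # no resource owner involved: identify the client
    elif user_sub:
        sub = user_sub   # resource owner involved: identify the resource owner
    else:
        raise ValueError("grant involves a resource owner but no subject given")
    return {"iss": issuer, "aud": audience, "sub": sub, "client_id": client_id,
            "iat": now, "exp": now + lifetime, "jti": str(uuid.uuid4())}

def check_at_claims(claims, expected_iss, expected_aud, now=None):
    """Resource-server side: return a list of problems (empty means accepted).
    Signature and 'typ' header checks are assumed to have happened already."""
    now = int(time.time()) if now is None else now
    problems = [f"missing {c}" for c in REQUIRED_CLAIMS
                if claims.get(c) in (None, "", [])]
    if claims.get("iss") not in (None, expected_iss):
        problems.append("unexpected iss")
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if aud is not None and expected_aud not in aud_list:
        problems.append("aud does not include this resource server")
    exp = claims.get("exp")
    if isinstance(exp, (int, float)) and exp <= now:
        problems.append("expired")
    return problems

# Constructed values, for illustration only.
ISS, AUD, CLIENT = "https://as.example", "https://api.example", "client-123"
cc = build_at_claims(ISS, AUD, CLIENT, "client_credentials", now=1_700_000_000)
no_sub = {k: v for k, v in cc.items() if k != "sub"}  # token lacking 'sub'

if __name__ == "__main__":
    print(check_at_claims(cc, ISS, AUD, now=1_700_000_100))
    print(check_at_claims(no_sub, ISS, AUD, now=1_700_000_100))
```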