OIDC: Add configurable user id (between sub and preferred_username)

crates/frontend/src/config.rs

@@ -5,6 +5,16 @@ fn default_true() -> bool {
     true
 }
 
+#[derive(Deserialize, Serialize, Clone, Default)]
+#[serde(rename_all = "snake_case")]
+pub enum UserIdClaim {
+    // The correct option
+    Sub,
+    // The more ergonomic option if you know what you're doing
+    #[default]
+    PreferredUsername,
+}
+
 #[derive(Deserialize, Serialize, Clone)]
 #[serde(deny_unknown_fields)]
 pub struct OidcConfig {
@@ -15,6 +25,8 @@ pub struct OidcConfig {
     pub scopes: Vec<Scope>,
     pub allow_sign_up: bool,
     pub require_group: Option<String>,
+    #[serde(default)]
+    pub userid_claim: UserIdClaim,
 }
 
 #[derive(Deserialize, Serialize, Clone)]

crates/frontend/src/oidc/mod.rs

@@ -1,4 +1,7 @@
-use crate::{FrontendConfig, config::OidcConfig};
+use crate::{
+    FrontendConfig,
+    config::{OidcConfig, UserIdClaim},
+};
 use actix_session::Session;
 use actix_web::{
     HttpRequest, HttpResponse, Responder,
@@ -194,10 +197,13 @@ pub async fn route_get_oidc_callback<AP: AuthenticationProvider>(
         }
     }
 
-    let user_id = user_info_claims
+    let user_id = match oidc_config.userid_claim {
-        .preferred_username()
+        UserIdClaim::Sub => user_info_claims.subject().to_string(),
-        .ok_or(OidcError::Other("Missing preferred_username claim"))?
+        UserIdClaim::PreferredUsername => user_info_claims
-        .to_string();
+            .preferred_username()
+            .ok_or(OidcError::Other("Missing preferred_username claim"))?
+            .to_string(),
+    };
 
     let mut user = auth_provider.get_principal(&user_id).await?;
     if user.is_none() {