Standardizing the OAUTH2.0 JWT payload
Observed behavior
The service assumes an "email" attribute is present in the JWT payload and attempts to read that attribute (see /src/shared/utils.ts). There is no standardized name for this attribute: depending on the identity provider it could be "email", "username", etc.
When using sdutil to upload data with the --idtoken= parameter, the service silently handles the resulting error and returns a cryptic response: 'created_by'
Expected behavior
The service should send a request to the /userInfo/ OAUTH2.0 endpoint to determine the name of this custom email attribute, and then read it from the JWT dynamically, so that naming conflicts between cloud providers and identity provider services are avoided.
Potential solutions
Here is an existing implementation of this flow, which first discovers the custom email attribute and then reads it from the JWT payload: https://community.opengroup.org/osdu/platform/system/lib/cloud/aws/os-core-lib-aws/-/blob/master/src/main/java/org/opengroup/osdu/core/aws/entitlements/Authorizer.java#L121
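A sketch of the same discovery flow in the service's own language, added here as an illustration rather than code from utils.ts or from the Authorizer.java linked above: the email value already returned by /userInfo is passed in (the HTTP call itself is left out), the candidate claim names are an assumption, and a non-match fails loudly instead of surfacing as a bare 'created_by' error.

```typescript
// Added example (not the service's code): find which JWT claim carries the
// caller's email by cross-checking the payload against the /userInfo result.
type Claims = Record<string, unknown>;

const B64URL = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

// Decodes one base64url segment to a string (ASCII payloads assumed).
function base64UrlDecode(segment: string): string {
  let bits = 0, acc = 0, out = "";
  for (const ch of segment) {
    const v = B64URL.indexOf(ch);
    if (v < 0) throw new Error(`invalid base64url character: ${ch}`);
    acc = ((acc << 6) | v) & 0xffff; // keep only the bits still needed
    bits += 6;
    if (bits >= 8) { bits -= 8; out += String.fromCharCode((acc >> bits) & 0xff); }
  }
  return out;
}

// Reads the payload of a compact JWS. Only call this AFTER the token's
// signature has been verified; this helper verifies nothing itself.
export function decodePayload(jwt: string): Claims {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("malformed JWT: expected 3 segments");
  return JSON.parse(base64UrlDecode(parts[1])) as Claims;
}

// Claim names providers use when "email" is not present (assumed list).
export const EMAIL_CLAIM_CANDIDATES = ["email", "username", "preferred_username", "upn"];

// Returns the name of the claim whose value equals the email reported by
// /userInfo, so the service can cache that name per identity provider.
export function discoverEmailClaim(claims: Claims, userInfoEmail: string): string {
  for (const name of EMAIL_CLAIM_CANDIDATES) {
    if (claims[name] === userInfoEmail) return name;
  }
  // Fall back to any claim carrying that exact value (fully custom names).
  for (const k of Object.keys(claims)) {
    if (claims[k] === userInfoEmail) return k;
  }
  throw new Error("no JWT claim matches the /userInfo email; cannot populate created_by");
}

// End-to-end: decode (post-verification) payload, discover the claim, read it.
export function emailFromToken(jwt: string, userInfoEmail: string): string {
  const claims = decodePayload(jwt);
  return String(claims[discoverEmailClaim(claims, userInfoEmail)]);
}
```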