From 4d6267d40af12c8dd9167fd6b3a25c74b8dd3178 Mon Sep 17 00:00:00 2001
From: Evert Prants <evert@lunasqu.ee>
Date: Fri, 2 Dec 2022 22:55:40 +0200
Subject: [PATCH] include sub in standard claims

---
 src/modules/api/api.controller.ts                         | 8 +++++++-
 .../oauth2-router/oauth2-router.controller.ts             | 1 +
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/modules/api/api.controller.ts b/src/modules/api/api.controller.ts
index cec6411..26b6060 100644
--- a/src/modules/api/api.controller.ts
+++ b/src/modules/api/api.controller.ts
@@ -62,6 +62,7 @@ export class ApiController {
       display_name: user.display_name,
 
       // Standard claims
+      sub: user.uuid,
       name: user.display_name,
       preferred_username: user.username,
       nickname: user.display_name,
@@ -72,7 +73,12 @@ export class ApiController {
       userData.email_verified = true;
     }
 
-    if ((scope.includes('image') || scopelessAccess) && user.picture) {
+    if (
+      (scope.includes('image') ||
+        scope.includes('picture') ||
+        scopelessAccess) &&
+      user.picture
+    ) {
       userData.image = `${this._config.get('app.base_url')}/uploads/${
         user.picture.file
       }`;
diff --git a/src/modules/ssr-front-end/oauth2-router/oauth2-router.controller.ts b/src/modules/ssr-front-end/oauth2-router/oauth2-router.controller.ts
index a94cc18..f7745c2 100644
--- a/src/modules/ssr-front-end/oauth2-router/oauth2-router.controller.ts
+++ b/src/modules/ssr-front-end/oauth2-router/oauth2-router.controller.ts
@@ -87,6 +87,7 @@ export class OAuth2Controller {
       display_name: user.display_name,
 
       // Standard claims
+      sub: user.uuid,
       name: user.display_name,
       preferred_username: user.username,
       nickname: user.display_name,