epam
diff --git a/‎README.md‎
Lines changed: 1 addition & 1 deletion b/‎README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎credentials/src/main/java/com/epam/aidial/core/credentials/data/credentials/ResourceCredentials.java‎
Lines changed: 3 additions & 1 deletion b/‎credentials/src/main/java/com/epam/aidial/core/credentials/data/credentials/ResourceCredentials.java‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎credentials/src/main/java/com/epam/aidial/core/credentials/service/ResourceAuthSettingsService.java‎
Lines changed: 4 additions & 4 deletions b/‎credentials/src/main/java/com/epam/aidial/core/credentials/service/ResourceAuthSettingsService.java‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎credentials/src/main/java/com/epam/aidial/core/credentials/service/ResourceCredentialsService.java‎
Lines changed: 7 additions & 7 deletions b/‎credentials/src/main/java/com/epam/aidial/core/credentials/service/ResourceCredentialsService.java‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎credentials/src/test/java/com/epam/aidial/core/credentials/service/AuthorizationHeaderProviderTest.java‎
Lines changed: 1 addition & 1 deletion b/‎credentials/src/test/java/com/epam/aidial/core/credentials/service/AuthorizationHeaderProviderTest.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎credentials/src/test/java/com/epam/aidial/core/credentials/service/ResourceAuthSettingsServiceTest.java‎
Lines changed: 1 addition & 1 deletion b/‎credentials/src/test/java/com/epam/aidial/core/credentials/service/ResourceAuthSettingsServiceTest.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎credentials/src/test/java/com/epam/aidial/core/credentials/service/ResourceCredentialsServiceTest.java‎
Lines changed: 2 additions & 2 deletions b/‎credentials/src/test/java/com/epam/aidial/core/credentials/service/ResourceCredentialsServiceTest.java‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎server/src/main/java/com/epam/aidial/core/server/ProxyContext.java‎
Lines changed: 2 additions & 2 deletions b/‎server/src/main/java/com/epam/aidial/core/server/ProxyContext.java‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎server/src/main/java/com/epam/aidial/core/server/controller/ResourceCredentialsController.java‎
Lines changed: 2 additions & 2 deletions b/‎server/src/main/java/com/epam/aidial/core/server/controller/ResourceCredentialsController.java‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎server/src/main/java/com/epam/aidial/core/server/controller/ToolSetProxyController.java‎
Lines changed: 4 additions & 4 deletions b/‎server/src/main/java/com/epam/aidial/core/server/controller/ToolSetProxyController.java‎
Lines changed: 4 additions & 4 deletions
@@ -131,7 +131,6 @@ Priority order:
 
 | Setting                                       | Default | Required | Description                                                                                                                                                                                                                                                                                                                                                                             |
 |-----------------------------------------------|:-------:|:--------:|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| config.jsonMergeStrategy.overwriteArrays      |  false  |    No    | Specifies a merging strategy for JSON arrays. If it's set to `true`, arrays will be overwritten. Otherwise, they will be concatenated.                                                                                                                                                                                                                                                  |
 | identityProviders                             |    -    |   Yes    | Map of identity providers. **Note**: At least one identity provider must be provided. Refer to [examples](sample/aidial.settings.json) to view available providers. Refer to [IDP Configuration](https://github.com/epam/ai-dial/blob/main/docs/tutorials/2.devops/2.auth-and-access-control/2.configure-idps/0.overview.md) to view guidelines for configuring supported providers.    |
 | identityProviders                             |    -    |   Yes    | Map of identity providers. **Note**: At least one identity provider must be provided. Refer to [examples](sample/aidial.settings.json) to view available providers. Refer to [IDP Configuration](https://github.com/epam/ai-dial/blob/main/docs/tutorials/2.devops/2.auth-and-access-control/3.configure-idps/0.overview.md) to view guidelines for configuring supported providers.    |
 | identityProviders.*.jwksUrl                   |    -    | Optional | Url to jwks provider. **Required** if `disabledVerifyJwt` is set to `false`. **Note**: Either `jwksUrl` or `userInfoEndpoint` must be provided.                                                                                                                                                                                                                                         |
@@ -147,6 +146,7 @@ Priority order:
 | identityProviders.*.disableJwtVerification    |  false  |    No    | The flag disables JWT verification. *Note*. `userInfoEndpoint` must be unset if the flag is set to `true`.                                                                                                                                                                                                                                                                              |
 | identityProviders.*.audience                  |    -    |    No    | If the setting is set it will be validated against the claim `aud` in JWT                                                                                                                                                                                                                                                                                                               |
 | identityProviders.*.userDisplayName           |    -    |    No    | Path to the claim in JWT token or user info response where user display name can be taken.                                                                                                                                                                                                                                                                                              |
+| identityProviders.*.userIdPath           |   sub   |    No    | Path to the claim in JWT token or user info response where user ID can be taken.                                                                                                                                                                                                                                                                                                        |
 
 </details>
 
 
@@ -2,6 +2,7 @@
 
 import com.epam.aidial.core.config.AuthenticationType;
 import com.epam.aidial.core.config.CredentialsLevel;
+import com.fasterxml.jackson.annotation.JsonAlias;
 import lombok.Builder;
 import lombok.Data;
 import lombok.extern.jackson.Jacksonized;
@@ -21,5 +22,6 @@ public class ResourceCredentials {
     private long createdAt;
     private long updatedAt;
     private Long expiresInSeconds;
-    private String userSub;
+    @JsonAlias({"userSub", "userId"})
+    private String userId;
 }
@@ -118,20 +118,20 @@ private void enrichResourceAuthSettings(String resourceId,
 
     public void setResourceAuthStatuses(CredentialsLocator credentialsLocator,
                                         ResourceAuthSettings resourceAuthSettings,
-                                        String userSub) {
+                                        String userId) {
         List<ResourceCredentials> allResourceCredentials = resourceCredentialsService.getAllResourceCredentials(credentialsLocator);
-        setUserAuthStatus(resourceAuthSettings, allResourceCredentials, userSub);
+        setUserAuthStatus(resourceAuthSettings, allResourceCredentials, userId);
         setGlobalAuthStatus(resourceAuthSettings, allResourceCredentials);
     }
 
     private void setUserAuthStatus(ResourceAuthSettings resourceAuthSettings,
                                    List<ResourceCredentials> resourceCredentialsList,
-                                   String userSub) {
+                                   String userId) {
         Optional<ResourceCredentials> userResourceCredentials = resourceCredentialsList.stream()
                 .filter(resourceCredentials -> resourceCredentials.getCredentialsLevel().equals(CredentialsLevel.USER)
                     && tokenRefreshStrategyFactory.getTokenValidatorStrategy(resourceCredentials.getAuthenticationType())
                         .hasUnexpiredToken(resourceCredentials)
-                        && userSub.equals(resourceCredentials.getUserSub()))
+                        && userId.equals(resourceCredentials.getUserId()))
                 .findFirst();
         if (userResourceCredentials.isPresent()) {
             resourceAuthSettings.setUserLevelAuthStatus(ResourceAuthStatus.SIGNED_IN);
 
@@ -44,14 +44,14 @@ public class ResourceCredentialsService {
     public void addResourceCredentials(CredentialsDescriptor credentialsDescriptor,
                                        ResourceAuthSettings resourceAuthSettings,
                                        ResourceSignInRequest resourceSignInRequest,
-                                       String userSub) {
+                                       String userId) {
         log.debug("Adding resource credentials for resourceId={}, bucket={}, credentialsLevel={}",
                 credentialsDescriptor.getResourceId(), credentialsDescriptor.getBucketName(), resourceSignInRequest.getCredentialsLevel());
         ResourceCredentialsFactory factory = resourceCredentialsFactoryProvider.getFactory(resourceSignInRequest.getAuthenticationType());
         ResourceCredentials resourceCredentials = factory.createCredentials(resourceSignInRequest.getUrl(), resourceAuthSettings, resourceSignInRequest);
 
         if (resourceSignInRequest.getCredentialsLevel().equals(CredentialsLevel.USER)) {
-            resourceCredentials.setUserSub(userSub);
+            resourceCredentials.setUserId(userId);
         }
 
         byte[] encryptedBody = encrypt(credentialsDescriptor, resourceCredentials);
@@ -154,7 +154,7 @@ public void deleteResourceCredentials(CredentialsLocator credentialsLocator) {
 
     private void validateDeleteOperation(ResourceCredentials existingCredentials,
                                          CredentialsLevel credentialsLevel,
-                                         String userSub) {
+                                         String userId) {
         CredentialsLevel existingResourceCredentialsLevel = existingCredentials.getCredentialsLevel();
         Objects.requireNonNull(existingResourceCredentialsLevel, "Invalid saved credentials: missing CredentialsLevel");
 
@@ -163,9 +163,9 @@ private void validateDeleteOperation(ResourceCredentials existingCredentials,
         }
 
         if (credentialsLevel.equals(CredentialsLevel.USER)) {
-            String existingCredentialsUserSub = existingCredentials.getUserSub();
-            Objects.requireNonNull(existingCredentialsUserSub, "Invalid saved credentials: missing userSub");
-            if (!existingCredentialsUserSub.equals(userSub)) {
+            String existingCredentialsUserId = existingCredentials.getUserId();
+            Objects.requireNonNull(existingCredentialsUserId, "Invalid saved credentials: missing userSub");
+            if (!existingCredentialsUserId.equals(userId)) {
                 throw new IllegalArgumentException("Can't delete other user's personal credentials");
             }
         }
@@ -185,7 +185,7 @@ public ResourceCredentials getRefreshedResourceCredentials(CredentialsLocator cr
             );
             if (userCredentials != null
                     && userCredentials.getCredentialsLevel().equals(CredentialsLevel.USER)
-                    && userCredentials.getUserSub().equals(userSub)) {
+                    && userCredentials.getUserId().equals(userSub)) {
                 return userCredentials;
             }
         } catch (ResourceNotFoundException e) {
 
@@ -154,7 +154,7 @@ private static ResourceCredentials createCredentials(AuthenticationType authenti
                 .accessToken(accessToken)
                 .apiKeyHeader(apiKeyHeader)
                 .apiKey(apiKey)
-                .userSub(userSub)
+                .userId(userSub)
                 .build();
     }
 
 
@@ -461,7 +461,7 @@ private static ResourceCredentials createResourceCredentials(CredentialsLevel le
         ResourceCredentials credentials = Mockito.mock(ResourceCredentials.class);
         when(credentials.getCredentialsLevel()).thenReturn(level);
         when(credentials.getAuthenticationType()).thenReturn(authenticationType);
-        when(credentials.getUserSub()).thenReturn(userSub);
+        when(credentials.getUserId()).thenReturn(userSub);
         return credentials;
     }
 
 
@@ -231,7 +231,7 @@ void testDeleteResourceCredentials_Success() {
         when(credentialsLocator.getCredentialsDescriptors()).thenReturn(descriptors);
 
         ResourceCredentials resourceCredentials = createCredentials(CredentialsLevel.USER);
-        resourceCredentials.setUserSub("userSub");
+        resourceCredentials.setUserId("userSub");
         byte[] resourceCredentialsBytes = JsonMapperUtil.convertToString(resourceCredentials).getBytes();
 
         ResourceDescriptor resourceDescriptor = Mockito.mock(ResourceDescriptor.class);
@@ -267,7 +267,7 @@ void testDeleteResourceCredentials_ValidationFailed() {
         when(credentialsLocator.getCredentialsDescriptors()).thenReturn(descriptors);
 
         ResourceCredentials resourceCredentials = createCredentials(CredentialsLevel.USER);
-        resourceCredentials.setUserSub("userSub-1");
+        resourceCredentials.setUserId("userSub-1");
         byte[] resourceCredentialsBytes = JsonMapperUtil.convertToString(resourceCredentials).getBytes();
 
         ResourceDescriptor resourceDescriptor = Mockito.mock(ResourceDescriptor.class);
 
@@ -72,7 +72,7 @@ public class ProxyContext {
     private final String decodedSourceDeployment;
 
     private Deployment deployment;
-    private String userSub;
+    private String userId;
     private List<String> userRoles;
     private String userProject;
     private String userHash;
@@ -135,7 +135,7 @@ private void initExtractedClaims(ExtractedClaims extractedClaims, Key originalKe
         if (extractedClaims != null) {
             this.userRoles = extractedClaims.userRoles();
             this.userHash = extractedClaims.userHash();
-            this.userSub = extractedClaims.sub();
+            this.userId = extractedClaims.userId();
             this.userProject = extractedClaims.project();
             this.userDisplayName = extractedClaims.userDisplayName();
         } else {
 
@@ -84,7 +84,7 @@ public Future<?> signIn() {
                             CredentialsLocator credentialsLocator = CredentialsLocatorFactory.fromAnyUrl(encodedResourceUrl, context, ResourceTypes.TOOL_SET);
                             CredentialsDescriptor credentialsDescriptor = credentialsLocator.getCredentialsDescriptors().get(resourceSignInRequest.getCredentialsLevel());
                             resourceCredentialsService.addResourceCredentials(credentialsDescriptor, resourceAuthSettings,
-                                    resourceSignInRequest, context.getUserSub());
+                                    resourceSignInRequest, context.getUserId());
                             return true;
                         }
                         throw new ResourceNotFoundException("Resource is not found: " + resourceId);
@@ -124,7 +124,7 @@ public Future<?> signOut() {
                     return resourceCredentialsService.deleteResourceCredentials(
                             credentialsLocator,
                             resourceSignOutRequest,
-                            context.getUserSub());
+                            context.getUserId());
                 }))
                 .onSuccess(removed -> context.respond(HttpStatus.OK, removed))
                 .onFailure(error ->
 
@@ -208,15 +208,15 @@ private void setToolsetCredentials(HttpClientRequest proxyRequest) {
         try {
             ToolSet toolSet = (ToolSet) context.getDeployment();
             ResourceCredentials resourceCredentials = resourceCredentialsService.getRefreshedResourceCredentials(
-                    credentialsLocator, toolSet.getAuthSettings(), context.getUserSub()
+                    credentialsLocator, toolSet.getAuthSettings(), context.getUserId()
             );
 
             if (resourceCredentials != null) {
                 log.debug("Credentials found: User: {}, Resource: {}, CredentialsLevel: {}",
-                        context.getUserSub(), toolSetId, resourceCredentials.getCredentialsLevel());
+                        context.getUserId(), toolSetId, resourceCredentials.getCredentialsLevel());
                 addAuthorizationHeader(proxyRequest, resourceCredentials);
             } else {
-                log.debug("Credentials not found - User: {}, Resource: {}", context.getUserSub(), toolSetId);
+                log.debug("Credentials not found - User: {}, Resource: {}", context.getUserId(), toolSetId);
             }
 
             if (toolSet.isForwardPerRequestKey()) {
@@ -232,7 +232,7 @@ private void addAuthorizationHeader(HttpClientRequest proxyRequest,
                                         ResourceCredentials resourceCredentials) {
         AuthorizationHeader authorizationHeader = authorizationHeaderProvider.createAuthorizationHeader(resourceCredentials);
         if (authorizationHeader != null) {
-            log.debug("AuthorizationHeader added: User: {}, Resource: {}", context.getUserSub(), toolSetId);
+            log.debug("AuthorizationHeader added: User: {}, Resource: {}", context.getUserId(), toolSetId);
             proxyRequest.putHeader(authorizationHeader.getHeaderName(), authorizationHeader.getHeaderValue());
         }
     }
Original file line number	Diff line number	Diff line change
`@@ -154,7 +154,7 @@ private static ResourceCredentials createCredentials(AuthenticationType authenti`
`154`	`154`	`.accessToken(accessToken)`
`155`	`155`	`.apiKeyHeader(apiKeyHeader)`
`156`	`156`	`.apiKey(apiKey)`
`157`		`- .userSub(userSub)`
	`157`	`+ .userId(userSub)`
`158`	`158`	`.build();`
`159`	`159`	`}`
`160`	`160`
Original file line number	Diff line number	Diff line change
`@@ -461,7 +461,7 @@ private static ResourceCredentials createResourceCredentials(CredentialsLevel le`
`461`	`461`	`ResourceCredentials credentials = Mockito.mock(ResourceCredentials.class);`
`462`	`462`	`when(credentials.getCredentialsLevel()).thenReturn(level);`
`463`	`463`	`when(credentials.getAuthenticationType()).thenReturn(authenticationType);`
`464`		`- when(credentials.getUserSub()).thenReturn(userSub);`
	`464`	`+ when(credentials.getUserId()).thenReturn(userSub);`
`465`	`465`	`return credentials;`
`466`	`466`	`}`
`467`	`467`