Description
NetBird currently uses `preferred_username` as `AUTH_USER_ID_CLAIM`, which is unsafe as it can be changed. Preferably the `sub` claim should be used as it's guaranteed immutable. See this Authelia discussion.
At the moment this is not a big issue since the username can't be changed in Authelia/LLDAP, which is the information used for `preferred_username`.
Using the `sub` claim is also not preferred as it's difficult to distinguish which user is which.
Wait for NetBird to enable some kind of alias functionality? Does NetBird use the UserInfo endpoint to fetch this info?
What does `USE_ID_TOKEN=false` actually mean? Does NetBird then use the access token? But for what?
Tried asking in NetBird Slack.
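The following is an added illustration of the trade-off described in this issue; it is not NetBird's code and does not reflect how NetBird stores accounts. It models a tiny account registry that can be keyed on either claim, and shows why keying on `preferred_username` is risky once a username can change or be reused, while keying on `sub` and keeping `preferred_username` only as a display alias gives the "alias" behaviour asked for above. All claim sets and identifiers are constructed; the `sub` values, usernames and peer names are made up.

```python
"""Keying accounts on the OIDC `sub` claim vs. on `preferred_username`.

Added example for this issue (not NetBird's implementation). Token claims are
constructed; a real client must first verify the token signature and the
iss/aud/exp claims before trusting any of these values.
"""
from dataclasses import dataclass, field


@dataclass
class User:
    identity: str                      # the key the account is bound to
    alias: str                         # human-readable name, free to change
    peers: list = field(default_factory=list)


class UserStore:
    """Minimal account registry keyed on the operator-chosen claim."""

    def __init__(self, user_id_claim: str):
        self.user_id_claim = user_id_claim   # "sub" or "preferred_username"
        self.users: dict[str, User] = {}

    def login(self, claims: dict) -> User:
        key = claims[self.user_id_claim]
        user = self.users.get(key)
        if user is None:
            user = User(identity=key, alias=claims.get("preferred_username", key))
            self.users[key] = user
        else:
            # Alias refresh: the display name may change, the identity does not.
            user.alias = claims.get("preferred_username", user.alias)
        return user


# Constructed claim sets (hypothetical users; UUID-style sub values are made up).
ALICE_V1 = {"sub": "3f2a9c1e-0000-4000-8000-000000000001", "preferred_username": "alice"}
ALICE_V2 = {"sub": "3f2a9c1e-0000-4000-8000-000000000001", "preferred_username": "alice.smith"}  # renamed in the directory
BOB = {"sub": "3f2a9c1e-0000-4000-8000-000000000002", "preferred_username": "alice"}  # later reuses the freed name


def simulate(user_id_claim: str) -> dict:
    """Run rename + name-reuse against a store keyed on `user_id_claim`."""
    store = UserStore(user_id_claim)
    alice = store.login(ALICE_V1)
    alice.peers.append("alice-laptop")   # a peer registered under the account
    alice_after_rename = store.login(ALICE_V2)
    bob = store.login(BOB)
    return {
        "rename_kept_peers": alice_after_rename.peers == ["alice-laptop"],
        "newcomer_got_old_peers": bob.peers == ["alice-laptop"],
        "aliases": {u.identity: u.alias for u in store.users.values()},
    }


if __name__ == "__main__":
    for claim in ("preferred_username", "sub"):
        print(claim, simulate(claim))
```

Keyed on `preferred_username`, the renamed user lands in a fresh account with none of her peers, and the newcomer who receives the old username inherits them. Keyed on `sub`, the rename only updates the alias and the newcomer gets an empty account, which is the immutability the `sub` claim is meant to provide.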