From 59d4c2583b912436a7efe4ac62765fa6623c624c Mon Sep 17 00:00:00 2001 From: Ghislain LE MEUR Date: Tue, 14 Oct 2025 18:26:58 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B(auth)=20fix=20LiveKit=20token=20au?= =?UTF-8?q?thentication=20field=20mismatch?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes "Invalid LiveKit token" errors caused by field mismatch between token generation and authentication lookup. Previously: - generate_token() used user.sub as token identity - LiveKitTokenAuthentication tried to retrieve user via user.id field - This failed when sub was not a UUID (e.g., from LemonLDAP OIDC provider) Now: - generate_token() continues using user.sub (canonical OIDC identifier) - LiveKitTokenAuthentication correctly looks up by sub field - Both sides now consistently use the same field This ensures compatibility with all RFC 7519-compliant OIDC providers, regardless of their sub claim format. --- src/backend/core/authentication/livekit.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/backend/core/authentication/livekit.py b/src/backend/core/authentication/livekit.py index b236dc54..35b336a5 100644 --- a/src/backend/core/authentication/livekit.py +++ b/src/backend/core/authentication/livekit.py @@ -30,7 +30,7 @@ class LiveKitTokenAuthentication(authentication.BaseAuthentication): raise exceptions.AuthenticationFailed("Token missing user identity") try: - user = UserModel.objects.get(id=user_id) + user = UserModel.objects.get(sub=user_id) except UserModel.DoesNotExist: user = AnonymousUser()