Hello GoodData team. We’ve run into an authentication/authorization problem for one of our customers. The embedded GoodData instance is not loading any content for them, even when they are authenticated. Our GoodData instances are configured to use our Auth0 IdP. Our investigation of the problem suggests: 1. GoodData does not include the user’s

authenticationId

as part of authenticating with our IdP, but 2. GoodData’s own authorization does require the user’s

authenticationId

to be a case-sensitive identical match to the IdP-provided

sub

value Could you confirm that both points above are accurate?

Hi Eoghan, 1. Yes, GoodData doesn’t send

authenticationId

to your IdP. Instead, it receives an ID token from the IdP and matches the user using the

sub

claim (or another claim if configured via

oauthSubjectIdClaim

). 2. Correct, the value from the configured claim (default:

sub

) must exactly match the user’s

authenticationId

in GoodData — including casing.

Hello Julius - thank you for the clear and prompt response, it’s very helpful!