Reputation: 270
I just have a quick Auth0 question. I've looked all over, but the more I look the more confused I get.
In the payload of the JWT that Auth0 gives me when I log in, there is a sub claim that looks like this: "sub": "facebook|123456789".
I'm just curious if sub will always be unique and if I can use it as a sort of foreign key in my database to link users to different tables.
Upvotes: 9
Views: 4924
Reputation: 37105
The sub, short for subject, in this case is the User Id for the normalised user profile representing the user in Auth0.
Here, facebook|123456789 is the connection strategy (a social connection of type facebook in your example) piped with the Facebook ID for the user (which came from Facebook). However, bear in mind that with Facebook, when you set up a Connection, you are actually setting up a connection to a particular Facebook App (the App ID and App Secret that you configure in Auth0 for that connection strategy). Long story short, for a single connection strategy of type facebook, defined under social connections in the Auth0 Dashboard, then yes, this would be unique and could be a correlating identifier to a separate datastore with enriched info about that user profile etc.
Just bear in mind, if you were to create another separate App defined in Facebook, then set up a new Auth0 facebook connection to that Facebook app, and log in with the same user, they would almost certainly receive a different sub since the Facebook userId would be different. For example, it might be facebook|987654321 etc.
Upvotes: 13
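As an added example (not part of the answer above and not Auth0's own code), one way to use `sub` as the correlating key: store it whole as an opaque string, give each user a local row id, and point foreign keys at that id. It assumes the token's signature and claims were already verified; the table names, the constructed `tenant.example` issuer, and keying on `iss` together with `sub` are assumptions of this example.

```python
import sqlite3

# Hypothetical schema: users are keyed by the (iss, sub) pair from the token,
# other tables reference the local users.id rather than the sub string itself.
SCHEMA = """
CREATE TABLE users (
    id  INTEGER PRIMARY KEY,
    iss TEXT NOT NULL,
    sub TEXT NOT NULL,            -- e.g. 'facebook|123456789', stored whole
    UNIQUE (iss, sub)
);
CREATE TABLE orders (
    id      INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL REFERENCES users(id),
    item    TEXT NOT NULL
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite does not enforce FKs by default
    db.executescript(SCHEMA)
    return db

def user_id_for(db, claims):
    """Return the local id for already-verified claims, creating the row on first login."""
    iss, sub = claims.get("iss"), claims.get("sub")
    if not (isinstance(iss, str) and iss and isinstance(sub, str) and sub):
        raise ValueError("token is missing iss or sub")
    # Parameterized queries: sub is external input and contains '|'.
    db.execute("INSERT OR IGNORE INTO users (iss, sub) VALUES (?, ?)", (iss, sub))
    row = db.execute("SELECT id FROM users WHERE iss = ? AND sub = ?", (iss, sub))
    return row.fetchone()[0]

def connection_strategy(sub):
    """Part before the first '|' (e.g. 'facebook'); for display, never for lookups."""
    return sub.partition("|")[0]

if __name__ == "__main__":
    db = open_db()
    issuer = "https://tenant.example/"  # constructed issuer, not a real tenant
    first = user_id_for(db, {"iss": issuer, "sub": "facebook|123456789"})
    again = user_id_for(db, {"iss": issuer, "sub": "facebook|123456789"})
    # Same person via a second Facebook App: different sub, so a separate row.
    other = user_id_for(db, {"iss": issuer, "sub": "facebook|987654321"})
    db.execute("INSERT INTO orders (user_id, item) VALUES (?, ?)", (first, "book"))
    print(first == again, first != other, connection_strategy("facebook|123456789"))
```

The second Facebook App case from the answer shows up here as two unrelated rows, so merging them needs an explicit account-linking step rather than any parsing of the `sub` string.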