(user_id/prn) -> sub

openid-connect-client/src/main/java/org/mitre/oauth2/filter/IntrospectingTokenService.java

@@ -94,7 +94,7 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
     // create a default authentication object with authority ROLE_API
     private Authentication createAuthentication(JsonObject token){
         // TODO:  user_id is going to go away. Will have to fix.
-        return new PreAuthenticatedAuthenticationToken(token.get("user_id").getAsString(), null, AuthorityUtils.createAuthorityList("ROLE_API"));
+        return new PreAuthenticatedAuthenticationToken(token.get("sub").getAsString(), null, AuthorityUtils.createAuthorityList("ROLE_API"));
     }
     
     private OAuth2AccessToken createAccessToken(final JsonObject token, final String tokenString){

openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java

@@ -417,9 +417,9 @@ public class AbstractOIDCAuthenticationFilter extends
 								+ "ID Token to the session " + NONCE_SESSION_VARIABLE + " failed. Expected " + storedNonce + " got " + nonce + ".");
 			}
 
-			// pull the user_id out as a claim on the id_token
+			// pull the subject (user id) out as a claim on the id_token
 			
-			String userId = idToken.getClaims().getUserId();
+			String userId = idToken.getClaims().getSubject();
 			
 			// construct an OIDCAuthenticationToken and return a Authentication object w/the userId and the idToken
 			

openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java

@@ -78,9 +78,9 @@ public class OIDCAuthenticationProvider implements
 			if (userInfo == null) {
 				// TODO: user Info not found -- error?
 			} else {			
-				if (!Strings.isNullOrEmpty(userInfo.getUserId()) && !userInfo.getUserId().equals(token.getUserId())) {
+				if (!Strings.isNullOrEmpty(userInfo.getSub()) && !userInfo.getSub().equals(token.getUserId())) {
 					// the userinfo came back and the user_id fields don't match what was in the id_token
-					throw new UsernameNotFoundException("user_id mismatch between id_token and user_info call: " + userInfo.getUserId() + " / " + token.getUserId());
+					throw new UsernameNotFoundException("user_id mismatch between id_token and user_info call: " + userInfo.getSub() + " / " + token.getUserId());
 				}
 			}
 			

openid-connect-common/src/main/java/org/mitre/jwt/model/JwtClaims.java

@@ -25,7 +25,7 @@ public class JwtClaims extends ClaimSet {
 	
 	public static final String TYPE = "typ";
 	public static final String JWT_ID = "jti";
-	public static final String PRINCIPAL = "prn";
+	public static final String SUBJECT = "sub";
 	public static final String AUDIENCE = "aud";
 	public static final String ISSUER = "iss";
 	public static final String ISSUED_AT = "iat";
@@ -33,7 +33,6 @@ public class JwtClaims extends ClaimSet {
 	public static final String EXPIRATION = "exp";
 	public static final String NONCE = "nonce";
 
-
 	/**
 	 * ISO8601 / RFC3339 Date Format
 	 */
@@ -72,8 +71,8 @@ public class JwtClaims extends ClaimSet {
 	        	setIssuer(element.getValue().getAsString());
 	        } else if (element.getKey().equals(AUDIENCE)) {	        	
 	        	setAudience(element.getValue().getAsString());
-	        } else if (element.getKey().equals(PRINCIPAL)) {	        	
-	        	setPrincipal(element.getValue().getAsString());
+	        } else if (element.getKey().equals(SUBJECT)) {	        	
+	        	setSubject(element.getValue().getAsString());
 	        } else if (element.getKey().equals(JWT_ID)) {	        	
 	        	setJwtId(element.getValue().getAsString());
 	        } else if (element.getKey().equals(TYPE)) {	        	
@@ -162,15 +161,15 @@ public class JwtClaims extends ClaimSet {
 	/**
      * @return the principal
      */
-    public String getPrincipal() {
-    	return getClaimAsString(PRINCIPAL);
+    public String getSubject() {
+    	return getClaimAsString(SUBJECT);
     }
 
 	/**
      * @param principal the principal to set
      */
-    public void setPrincipal(String principal) {
-    	setClaim(PRINCIPAL, principal);
+    public void setSubject(String principal) {
+    	setClaim(SUBJECT, principal);
     }
 
 	/**

openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java

@@ -85,7 +85,7 @@ public class ClientDetailsEntity implements ClientDetails {
 	private AppType applicationType;
 	private String clientName;
 	private AuthType tokenEndpointAuthType = AuthType.SECRET_BASIC;
-	private UserIdType userIdType;
+	private SubjectType subjectType;
 	
 	private Set<String> contacts; 	
 	
@@ -172,20 +172,20 @@ public class ClientDetailsEntity implements ClientDetails {
 		}
 	}
 	
-    public enum UserIdType {
+    public enum SubjectType {
     	PAIRWISE("pairwise"), PUBLIC("public");
 
 		private final String value;
 		
 		// map to aid reverse lookup 
-		private static final Map<String, UserIdType> lookup = new HashMap<String, UserIdType>();
+		private static final Map<String, SubjectType> lookup = new HashMap<String, SubjectType>();
 		static {
-			for (UserIdType u : UserIdType.values()) {
+			for (SubjectType u : SubjectType.values()) {
 	            lookup.put(u.getValue(), u);
             }
 		}
 		
-		UserIdType(String value) {
+		SubjectType(String value) {
 			this.value = value;
 		}
 		
@@ -193,7 +193,7 @@ public class ClientDetailsEntity implements ClientDetails {
 			return value;
 		}
 		
-		public static UserIdType getByValue(String value) {
+		public static SubjectType getByValue(String value) {
 			return lookup.get(value);
 		}
     }
@@ -547,13 +547,13 @@ public class ClientDetailsEntity implements ClientDetails {
 	}
 
 	@Enumerated(EnumType.STRING)
-	@Column(name="user_id_type")
-	public UserIdType getUserIdType() {
-		return userIdType;
+	@Column(name="subject_type")
+	public SubjectType getSubjectType() {
+		return subjectType;
 	}
 
-	public void setUserIdType(UserIdType userIdType) {
-		this.userIdType = userIdType;
+	public void setSubjectType(SubjectType subjectType) {
+		this.subjectType = subjectType;
 	}
 
 	@ElementCollection(fetch = FetchType.EAGER)
@@ -843,7 +843,7 @@ public class ClientDetailsEntity implements ClientDetails {
 						+ clientName + ", " : "")
 				+ (tokenEndpointAuthType != null ? "tokenEndpointAuthType="
 						+ tokenEndpointAuthType + ", " : "")
-				+ (userIdType != null ? "userIdType=" + userIdType + ", " : "")
+				+ (subjectType != null ? "subjectType=" + subjectType + ", " : "")
 				+ (contacts != null ? "contacts=" + contacts + ", " : "")
 				+ (logoUrl != null ? "logoUrl=" + logoUrl + ", " : "")
 				+ (policyUrl != null ? "policyUrl=" + policyUrl + ", " : "")
@@ -983,7 +983,7 @@ public class ClientDetailsEntity implements ClientDetails {
 				+ ((tokenEndpointAuthType == null) ? 0 : tokenEndpointAuthType
 						.hashCode());
 		result = prime * result
-				+ ((userIdType == null) ? 0 : userIdType.hashCode());
+				+ ((subjectType == null) ? 0 : subjectType.hashCode());
 		result = prime
 				* result
 				+ ((userInfoEncryptedResponseAlg == null) ? 0
@@ -1212,7 +1212,7 @@ public class ClientDetailsEntity implements ClientDetails {
 		if (tokenEndpointAuthType != other.tokenEndpointAuthType) {
 			return false;
 		}
-		if (userIdType != other.userIdType) {
+		if (subjectType != other.subjectType) {
 			return false;
 		}
 		if (userInfoEncryptedResponseAlg != other.userInfoEncryptedResponseAlg) {

openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java

@@ -37,7 +37,7 @@ import com.google.gson.JsonObject;
 })
 public class DefaultUserInfo implements UserInfo {
 	
-	private String userId;	
+	private String sub;	
 	private String preferredUsername;
 	private String name;	
 	private String givenName;	
@@ -64,16 +64,16 @@ public class DefaultUserInfo implements UserInfo {
 	@Override
 	@Id
 	@GeneratedValue(strategy=GenerationType.IDENTITY)
-	@Column(name="user_id")
-	public String getUserId() {
-		return userId;
+	@Column(name="sub")
+	public String getSub() {
+		return sub;
 	}
 	/* (non-Javadoc)
 	 * @see org.mitre.openid.connect.model.UserInfo#setUserId(java.lang.String)
 	 */
 	@Override
-	public void setUserId(String userId) {
-		this.userId = userId;
+	public void setSub(String sub) {
+		this.sub = sub;
 	}
 	/* (non-Javadoc)
 	 * @see org.mitre.openid.connect.model.UserInfo#getPreferredUsername
@@ -363,7 +363,7 @@ public class DefaultUserInfo implements UserInfo {
 	public static UserInfo fromJson(JsonObject obj) {
 		DefaultUserInfo ui = new DefaultUserInfo();
 
-		ui.setUserId(obj.has("user_id") ? obj.get("user_id").getAsString() : null);
+		ui.setSub(obj.has("sub") ? obj.get("sub").getAsString() : null);
 		
 		ui.setName(obj.has("name") ? obj.get("name").getAsString() : null);
 		ui.setPreferredUsername(obj.has("preferred_username") ? obj.get("preferred_username").getAsString() : null);

openid-connect-common/src/main/java/org/mitre/openid/connect/model/IdTokenClaims.java

@@ -37,7 +37,6 @@ import com.google.gson.JsonParser;
 @Table(name="idtokenclaims")
 public class IdTokenClaims extends JwtClaims {
 
-	public static final String USER_ID = "user_id";
 	public static final String AUTHENTICATION_CONTEXT_CLASS_REFERENCE = "acr";
 	public static final String NONCE = "nonce";
 	public static final String AUTH_TIME = "auth_time";
@@ -77,15 +76,6 @@ public class IdTokenClaims extends JwtClaims {
     	this.id = id;
     }
 
-    @Transient
-	public String getUserId() {
-		return getClaimAsString(USER_ID);
-	}
-	
-	public void setUserId(String user_id) {
-		setClaim(USER_ID, user_id);
-	}
-	
 	@Transient
 	public String getAuthContext() {
 		return getClaimAsString(AUTHENTICATION_CONTEXT_CLASS_REFERENCE);		
@@ -150,8 +140,6 @@ public class IdTokenClaims extends JwtClaims {
 		for (Entry<String, JsonElement> element : json.entrySet()) {
 			if (element.getValue().isJsonNull()) {
 				pass.add(element.getKey(), element.getValue());
-			} else if (element.getKey().equals(USER_ID)) {
-				setUserId(element.getValue().getAsString());
 			} else if (element.getKey().equals(AUTHENTICATION_CONTEXT_CLASS_REFERENCE)) {
 				setAuthContext(element.getValue().getAsString());
 			} else if (element.getKey().equals(NONCE)) {

openid-connect-common/src/main/java/org/mitre/openid/connect/model/UserInfo.java

@@ -18,13 +18,13 @@ public interface UserInfo {
 	 * @return the userId
 	 */
 	@Id
-	@Column(name="user_id")
-	public abstract String getUserId();
+	@Column(name="sub")
+	public abstract String getSub();
 
 	/**
-	 * @param userId the userId to set
+	 * @param sub the userId to set
 	 */
-	public abstract void setUserId(String userId);
+	public abstract void setSub(String sub);
 	
 	/**
 	 * @return the preferred username

openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenIntrospectionView.java

@@ -99,7 +99,7 @@ public class TokenIntrospectionView extends AbstractView {
             	
             	token.addProperty("audience", src.getAuthenticationHolder().getAuthentication().getAuthorizationRequest().getClientId());
             	
-            	token.addProperty("user_id", src.getAuthenticationHolder().getAuthentication().getName());
+            	token.addProperty("subject", src.getAuthenticationHolder().getAuthentication().getName());
             	
             	return token;
             }

openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerClientAssertionTokenEndpointFilter.java

@@ -50,7 +50,7 @@ public class JwtBearerClientAssertionTokenEndpointFilter extends ClientCredentia
     	try {
     		Jwt jwt = Jwt.parse(assertion);
     	
-    		String clientId = jwt.getClaims().getPrincipal();
+    		String clientId = jwt.getClaims().getSubject();
     		
     		Authentication authRequest = new JwtBearerAssertionAuthenticationToken(clientId, jwt);
     	

openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java

@@ -51,14 +51,14 @@ public class JpaUserInfoRepository implements UserInfoRepository {
 	@Override
 	@Transactional	
 	public UserInfo save(UserInfo userInfo) {
-		return saveOrUpdate(userInfo.getUserId(), manager, userInfo);
+		return saveOrUpdate(userInfo.getSub(), manager, userInfo);
 	}
 
 	@Override
 	@Transactional	
 	public void remove(UserInfo userInfo) {
 		
-		UserInfo found = manager.find(DefaultUserInfo.class, userInfo.getUserId());
+		UserInfo found = manager.find(DefaultUserInfo.class, userInfo.getSub());
 		
 		if (found != null) {
 			manager.remove(userInfo);

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoUserDetailsService.java

@@ -48,7 +48,7 @@ public class DefaultUserInfoUserDetailsService implements UserDetailsService {
 	        }
 	        
 	        // TODO: this should really be our own UserDetails wrapper class, shouldn't it?
-			User user = new User(userInfo.getUserId(), password, authorities);
+			User user = new User(userInfo.getSub(), password, authorities);
 			return user;
 		} else {
 			throw new UsernameNotFoundException("Could not find username: " + username);

openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java

@@ -109,8 +109,7 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
 			}
 			
 			claims.setIssuer(configBean.getIssuer());
-			claims.setUserId(userId);
-			claims.setPrincipal(userId); // TODO: this is technically redundant
+			claims.setSubject(userId);
 			claims.setAudience(clientId);
 			
 			idToken.setClaims(claims);

openid-connect-server/src/main/java/org/mitre/openid/connect/view/JSONUserInfoView.java

@@ -90,7 +90,7 @@ public class JSONUserInfoView extends AbstractView {
 		JsonObject obj = new JsonObject();
 		
 		if (scope.contains("openid")) {
-			obj.addProperty("user_id", ui.getUserId());
+			obj.addProperty("sub", ui.getSub());
 		}
 		
 		if (scope.contains("profile")) {

openid-connect-server/src/main/java/org/mitre/openid/connect/view/POCOUserInfoView.java

@@ -98,7 +98,7 @@ public class POCOUserInfoView extends AbstractView {
 		JsonObject entry = new JsonObject();
 		
 		if (scope.contains("openid")) {
-			entry.addProperty("id", ui.getUserId());
+			entry.addProperty("id", ui.getSub());
 		}
 		
 		if (scope.contains("profile")) {

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java

@@ -10,7 +10,7 @@ import org.mitre.oauth2.exception.ClientNotFoundException;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
 import org.mitre.oauth2.model.ClientDetailsEntity.AuthType;
-import org.mitre.oauth2.model.ClientDetailsEntity.UserIdType;
+import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.oauth2.service.OAuth2TokenEntityService;
@@ -95,19 +95,19 @@ public class ClientDynamicRegistrationEndpoint {
 		/*
 		 * UserID type
 		 */
-		binder.registerCustomEditor(UserIdType.class, new PropertyEditorSupport() {
+		binder.registerCustomEditor(SubjectType.class, new PropertyEditorSupport() {
 			@Override
 			public void setAsText(String text) throws IllegalArgumentException {
 				if (Strings.isNullOrEmpty(text)) {
 					setValue(null);
 				} else {
-					setValue(UserIdType.getByValue(text));
+					setValue(SubjectType.getByValue(text));
 				}
 			}
 			
 			@Override
 			public String getAsText() {
-				UserIdType ut = (UserIdType) getValue();
+				SubjectType ut = (SubjectType) getValue();
 				return ut == null ? null : ut.getValue();
 			}
 		});
@@ -206,7 +206,7 @@ public class ClientDynamicRegistrationEndpoint {
 			// OPENID CONNECT EXTENSIONS BELOW
 			@RequestParam(value = "application_type", required = false) AppType applicationType,
 			@RequestParam(value = "sector_identifier_url", required = false) String sectorIdentifierUrl,
-			@RequestParam(value = "user_id_type", required = false) UserIdType userIdType,
+			@RequestParam(value = "subject_type", required = false) SubjectType subjectType,
 			@RequestParam(value = "require_signed_request_object", required = false) JwsAlgorithm requireSignedRequestObject,
 			// TODO: JWE needs to be handled properly, see @InitBinder above -- we'll ignore these right now
 			/*
@@ -248,7 +248,7 @@ public class ClientDynamicRegistrationEndpoint {
 		client.setX509Url(x509Url);
 		client.setX509EncryptionUrl(x509EncryptionUrl);
 		client.setSectorIdentifierUrl(sectorIdentifierUrl);
-		client.setUserIdType(userIdType);
+		client.setSubjectType(subjectType);
 		client.setRequireSignedRequestObject(requireSignedRequestObject);
 		client.setDefaultMaxAge(defaultMaxAge);
 		client.setRequireAuthTime(requireAuthTime == null ? false : requireAuthTime.booleanValue());
@@ -369,7 +369,7 @@ public class ClientDynamicRegistrationEndpoint {
 			// OPENID CONNECT EXTENSIONS BELOW
 			@RequestParam(value = "application_type", required = false) AppType applicationType,
 			@RequestParam(value = "sector_identifier_url", required = false) String sectorIdentifierUrl,
-			@RequestParam(value = "user_id_type", required = false) UserIdType userIdType,
+			@RequestParam(value = "subject_type", required = false) SubjectType subjectType,
 			@RequestParam(value = "require_signed_request_object", required = false) JwsAlgorithm requireSignedRequestObject,
 			@RequestParam(value = "require_auth_time", required = false, defaultValue = "true") Boolean requireAuthTime,
 			// TODO: JWE needs to be handled properly, see @InitBinder above -- we'll ignore these right now
@@ -463,8 +463,8 @@ public class ClientDynamicRegistrationEndpoint {
 		if (params.containsKey("sector_identifier_url")) {
 			client.setSectorIdentifierUrl(Strings.emptyToNull(sectorIdentifierUrl));
 		}
-		if (params.containsKey("user_id_type")) {
-			client.setUserIdType(userIdType);
+		if (params.containsKey("subject_type")) {
+			client.setSubjectType(subjectType);
 		}
 		if (params.containsKey("require_signed_request_object")) { // TODO: rename field
 			client.setRequireSignedRequestObject(requireSignedRequestObject);

openid-connect-server/src/main/java/org/mitre/swd/web/SimpleWebDiscoveryEndpoint.java

@@ -88,7 +88,7 @@ public class SimpleWebDiscoveryEndpoint {
 			scopes_supported 	array 	A JSON array containing a list of the OAuth 2.0 [OAuth2.0] scope values that this server supports. The server MUST support the openid scope value.
 			response_types_supported 	array 	A JSON array containing a list of the OAuth 2.0 response_type that this server supports. The server MUST support the code, id_token, and the token id_token response_type.
 			acrs_supported 	array 	A JSON array containing a list of the Authentication Context Class References that this server supports.
-			user_id_types_supported 	array 	A JSON array containing a list of the user identifier types that this server supports. Valid types include pairwise and public.
+			subject_types_supported 	array 	A JSON array containing a list of the user identifier types that this server supports. Valid types include pairwise and public.
 			userinfo_algs_supported 	array 	A JSON array containing a list of the JWS [JWS] and JWE [JWE] signing and encryption algorithms [JWA] supported by the UserInfo Endpoint to encode the JWT [JWT].
 			id_token_algs_supported 	array 	A JSON array containing a list of the JWS and JWE signing and encryption algorithms [JWA] supported by the Authorization Server for the ID Token to encode the JWT [JWT].
 			request_object_algs_supported 	array 	A JSON array containing a list of the JWS and JWE signing and encryption algorithms [JWA] supported by the Authorization Server for the OpenID Request Object described in Section 2.1.2.1 of OpenID Connect Messages [OpenID.Messages] to encode the JWT [JWT]. Servers SHOULD support RS256.

openid-connect-server/src/main/resources/db/tables/hsql_database_tables.sql

@@ -83,7 +83,7 @@ CREATE TABLE IF NOT EXISTS client_details (
 	application_type VARCHAR(256),
 	client_name VARCHAR(256),
 	token_endpoint_auth_type VARCHAR(256),
-	user_id_type VARCHAR(256),
+	subject_type VARCHAR(256),
 	
 	logo_url VARCHAR(2048),
 	policy_url VARCHAR(2048),
@@ -162,7 +162,7 @@ CREATE TABLE IF NOT EXISTS token_scope (
 
 CREATE TABLE IF NOT EXISTS user_info (
 	id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
-	user_id VARCHAR(256),
+	sub VARCHAR(256),
 	preferred_username VARCHAR(256),
 	name VARCHAR(256),
 	given_name VARCHAR(256),

openid-connect-server/src/main/resources/db/tables/loading_temp_tables.sql

@@ -15,7 +15,7 @@ CREATE TEMPORARY TABLE IF NOT EXISTS users_TEMP (
 
 CREATE TEMPORARY TABLE IF NOT EXISTS user_info_TEMP (
 	id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
-	user_id VARCHAR(256),
+	sub VARCHAR(256),
 	preferred_username VARCHAR(256),
 	name VARCHAR(256),
 	given_name VARCHAR(256),

openid-connect-server/src/main/resources/db/tables/mysql_database_tables.sql

@@ -78,7 +78,7 @@ CREATE TABLE client_details (
 	application_type VARCHAR(256),
 	client_name VARCHAR(256),
 	token_endpoint_auth_type VARCHAR(256),
-	user_id_type VARCHAR(256),
+	subject_type VARCHAR(256),
 	
 	logo_url VARCHAR(2048),
 	policy_url VARCHAR(2048),
@@ -157,7 +157,7 @@ CREATE TABLE token_scope (
 
 CREATE TABLE user_info (
 	id BIGINT AUTO_INCREMENT PRIMARY KEY,
-	user_id VARCHAR(256),
+	sub VARCHAR(256),
 	preferred_username VARCHAR(256),
 	name VARCHAR(256),
 	given_name VARCHAR(256),

openid-connect-server/src/main/resources/db/users.sql

@@ -25,7 +25,7 @@ INSERT INTO authorities_TEMP (username, authority) VALUES
   ('srmoore','ROLE_USER');
     
 -- By default, the username column here has to match the username column in the users table, above
-INSERT INTO user_info_TEMP (user_id, preferred_username, name, email, email_verified) VALUES
+INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES
   ('jricher', 'jricher', 'Justin Richer', 'jricher@mitre.org', false),
   ('aanganes', 'aanganes', 'Amanda Anganes', 'aanganes@mitre.org', false),
   ('mfranklin', 'mfranklin', 'Matt Franklin', 'mfranklin@mitre.org', false),
@@ -49,10 +49,10 @@ MERGE INTO authorities
     INSERT (username,authority) values (vals.username, vals.authority);
 
 MERGE INTO user_info 
-  USING (SELECT user_id, preferred_username, name, email, email_verified FROM user_info_TEMP) AS vals(user_id, preferred_username, name, email, email_verified)
+  USING (SELECT sub, preferred_username, name, email, email_verified FROM user_info_TEMP) AS vals(sub, preferred_username, name, email, email_verified)
   ON vals.preferred_username = user_info.preferred_username
   WHEN NOT MATCHED THEN 
-    INSERT (user_id, preferred_username, name, email, email_verified) VALUES (vals.user_id, vals.preferred_username, vals.name, vals.email, vals.email_verified);
+    INSERT (sub, preferred_username, name, email, email_verified) VALUES (vals.sub, vals.preferred_username, vals.name, vals.email, vals.email_verified);
 
     
 --