Folks using JWTs (ID and Access tokens), do you generally use the JWT's

sub

attribute as the userId in your database? Or do you use some other custom userId?

Using the

sub

as user_id might hurt in long run, as if in future if the credentials are required to be changed, like email, the new sub wont match to the user_id. Using a custom (mapped) user id shall be better We ran into this while working with AWS Cognito 🙂

Good point. Yeah, also reliance on

sub

will tie you to that identity provider and make migration to a new IDP difficult (should you ever need to do this).

exactly! 🙂