2026-05-05 - JWT Token Email Matching Fix for GCIP Users¶
Release¶
AgileData.io - Correct User Profiles: Email Matching Fixed for External Identity Users
A bug that caused incorrect user profile lookups for users signing in via the new identity service (GCIP) has been fixed. The issue meant that email addresses extracted from the JWT token were being compared against GCIP-format email values in an incompatible way, resulting in failed profile matches for some users.
This was introduced as part of the migration to external identity providers (Google Cloud Identity Platform). JWT tokens from IAP and GCIP represent email addresses with slightly different formats, and the comparison logic was not accounting for this difference. The fix ensures the correct email value is extracted from the token before the profile lookup is performed.
What was happening:
Users signing in via GCIP/external identity could land in the app without a correctly resolved profile
The mismatch between JWT token email format and GCIP email format caused profile lookups to fail silently
Affected users might see missing or default profile information
What this means for you:
User profiles load correctly for all sign-in methods — Google, Microsoft, and all GCIP-based flows
No more blank or default profile states after signing in through the identity service
Consistent experience regardless of which identity provider you use
Last Refreshed¶
Doc Refreshed: 2026-05-05