Gold doesn't offer the @idir username - Why and what should I consider?

[zsamji]

I noticed your Gold Offering replaces the username with the GUID rather than the human readable username based on this visual

What are some considerations I should keep in mind with respect to my app's architecture and code base?

[junminahn]

I believe many teams make use of IDIR username in their applications, and IDIR username is rather human-readable and is believed as a unique identifier for a specific IDIR user. As a matter of fact, it is unique in the system, and yet, there is a security risk to giving privileges based on it at the application level in terms of the IDIR username being re-used.
Therefore, even though IDIR username can be found in a token payload attribute idir_username of the Gold integration, it is highly recommended to use IDIR GUID in applications by mapping to preferred_username or idir_user_guid attributes as a source of truth for the IDIR user.