What is the unique id for users in OpenId Connect


Question


We have an Asp.Net 4.5 MVC app using Asp.Net Identity to manage our customer database. We are currently using Microsoft Account Authentication. We are considering using OpenId Connect so that customers with a work/school account can also sign in ("Add sign-in to an .NET MVC web app").


Microsoft Account Authentication returns ProviderKey as the unique id of the user who has logged in. This is mapped onto UserId in our customer database.


OpenId Connect does not appear to return a ProviderKey, but NameIdentifier looks promising:

    ClaimsPrincipal.Current.FindFirst(System.IdentityModel.Claims.ClaimTypes.NameIdentifier)?.Value;


Is NameIdentifier the unique identifier of the user returned by OpenId Connect? Can it be reliably used to uniquely identify a user over time?

Recommended answer


Is NameIdentifier the unique identifier of the user returned by OpenId Connect? Can it be reliably used to uniquely identify a user over time?


AFAIK, the NameIdentifier is mapped from NameId or Sub claim from the id_token (refer here). And for the id_token for Azure AD, it used the Sub claim.

And from the Sub claim:


Identifies the principal about which the token asserts information, such as the user of an application. This value is immutable and cannot be reassigned or reused, so it can be used to perform authorization checks safely. Because the subject is always present in the tokens the Azure AD issues, we recommend using this value in a general purpose authorization system.


The answer is yes, it can be reliably used to uniquely identify a user over time.
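An added example, not code from the question, the answer or Microsoft: one way to turn the NameIdentifier claim into a stable account key. Because a sub value is only unique within the issuer that minted it, the key is the (issuer, subject) pair. The class name, sample issuer URL and sample values are constructed for illustration, and the code assumes the sign-in middleware sets each claim's Issuer to the token's issuer.

```csharp
using System;
using System.Security.Claims;

public static class OidcUserKey
{
    // Returns (issuer, subject). "sub" alone is not globally unique,
    // so both parts are needed to identify one account over time.
    public static Tuple<string, string> FromPrincipal(ClaimsPrincipal principal)
    {
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            throw new InvalidOperationException("No authenticated user.");

        // NameIdentifier is the claim the question reads; per the answer it is
        // mapped from the id_token's NameId or Sub claim.
        Claim subject = principal.FindFirst(ClaimTypes.NameIdentifier);
        if (subject == null || string.IsNullOrWhiteSpace(subject.Value))
            throw new InvalidOperationException(
                "No subject claim; refusing to fall back to name or email, which can change.");

        // Assumption: the middleware stamps the claim with the token's issuer.
        // "LOCAL AUTHORITY" (ClaimsIdentity.DefaultIssuer) means nobody set it.
        string issuer = subject.Issuer;
        if (string.IsNullOrWhiteSpace(issuer) || issuer == ClaimsIdentity.DefaultIssuer)
            throw new InvalidOperationException("Subject claim has no usable issuer.");

        return Tuple.Create(issuer, subject.Value);
    }

    public static void Main()
    {
        // Constructed sample values, not real identifiers.
        const string issuer = "https://login.example.test/tenant-placeholder/v2.0";
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, "constructed-subject-value",
                      ClaimValueTypes.String, issuer),
            new Claim(ClaimTypes.Email, "user@example.test",
                      ClaimValueTypes.String, issuer)
        }, "OpenIdConnect");

        Tuple<string, string> key = FromPrincipal(new ClaimsPrincipal(identity));
        Console.WriteLine("LoginProvider = " + key.Item1);
        Console.WriteLine("ProviderKey   = " + key.Item2);
    }
}
```

In ASP.NET Identity the two parts correspond to the LoginProvider and ProviderKey of a UserLoginInfo, the same slot the Microsoft Account ProviderKey occupies in the question.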
