IdentityServer Facebook Auth changes subject id / is not the facebook id


Problem description

I enabled the IdentityServer to authenticate with Facebook with the implicit flow.

Now when I get authenticated I get an id value as subject, like 502967fe0125ce3ff75050ef7b83fd68. I used it as a user id to store user related data. But from time to time it seems like the content of the subject changes and I get a different id.

Am I misunderstanding the concept of the subject? Is it expected that it is changing?

Shouldn't the subject id be constant? What information should I use to store user related data?

This is how I configure the Facebook provider in the IdentityServer:

    public static void Configure(IAppBuilder app, string signInAsType)
    {
        var fb = new FacebookAuthenticationOptions
        {
            AuthenticationType = "Facebook",
            Caption = "Facebook",
            SignInAsAuthenticationType = signInAsType,
            AppId = myAppId,
            AppSecret = mySecret
        };
        app.UseFacebookAuthentication(fb);
    }

And here is the client config in the website

    // Empty map: keep claim names such as "sub" exactly as issued in the token.
    JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = "cookies"
    });

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        AuthenticationType = "oidc",
        SignInAsAuthenticationType = "cookies",

        ClientId = "website",
        Authority = identServer,
        RedirectUri = "http://localhost/pluto/",
        ResponseType = "id_token token",
        Scope = "openid profile email warehouseapi"
    });

Recommended answer

The sub claim represents the unique identifier of the user in the context of the STS.

This typically means that a new sub is created the first time the user logs in. This sub is then associated with the external login (issuer name and external sub) and re-used.
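
The association described in the answer, sketched as an added example that is not part of the original answer and is not IdentityServer's own code. `ExternalLoginStore`, the tab-separated file used as the durable store, and the sample ids are assumptions made for illustration; the point is that the (issuer name, external sub) to sub mapping has to survive a restart, otherwise every login looks like a first login and a new sub is minted.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
// Hypothetical illustration type; not IdentityServer's own API.
public sealed class ExternalLoginStore
{
    private readonly string _path;
    // Key: issuer name + tab + external sub. Value: the sub issued by this STS.
    private readonly Dictionary<string, string> _links =
        new Dictionary<string, string>(StringComparer.Ordinal);
    public ExternalLoginStore(string path)
    {
        _path = path;
        if (!File.Exists(path)) return;
        foreach (var line in File.ReadAllLines(path))
        {
            var parts = line.Split('\t');
            if (parts.Length == 3) _links[parts[0] + "\t" + parts[1]] = parts[2];
        }
    }
    public string GetOrCreateSubject(string provider, string externalSub)
    {
        if (string.IsNullOrEmpty(provider) || string.IsNullOrEmpty(externalSub) ||
            (provider + externalSub).IndexOfAny(new[] { '\t', '\r', '\n' }) >= 0)
            throw new ArgumentException("provider and external sub must be non-empty, without tab/newline");
        // The issuer is part of the key: the same external id from another issuer is another user.
        var key = provider + "\t" + externalSub;
        lock (_links)
        {
            if (_links.TryGetValue(key, out var sub)) return sub; // returning user: re-use the sub
            sub = Guid.NewGuid().ToString("N");                   // first login: mint a new sub
            File.AppendAllText(_path, key + "\t" + sub + Environment.NewLine); // persist before use
            _links[key] = sub;
            return sub;
        }
    }
}
public static class Program
{
    public static void Main()
    {
        var path = Path.Combine(Path.GetTempPath(), "external-logins-demo.tsv");
        File.Delete(path);
        // Constructed sample ids; each new store instance simulates an STS restart.
        var first = new ExternalLoginStore(path).GetOrCreateSubject("Facebook", "1000000000000001");
        var restart = new ExternalLoginStore(path).GetOrCreateSubject("Facebook", "1000000000000001");
        var other = new ExternalLoginStore(path).GetOrCreateSubject("Google", "1000000000000001");
        Console.WriteLine($"kept after restart: {first == restart}; shared across issuers: {first == other}");
    }
}
```

In a real deployment the mapping belongs in a database table with a unique index on issuer plus external id, and client applications key their user data on the sub issued by the STS.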
