Azure Active Directory - User identification claim in OpenID Connect
I'm setting up authentication with Auth0, using OpenID Connect. I've set up the OWIN startup class according to this example. The problem is that users from the Auth0 database provide different claims than users authenticated through an enterprise connection (I'm using Azure AD to test this scenario).
My question is: which claim should I use to identify the user in my application's database to perform authorization, i.e. what should I use as the user ID? Note the comment in the link above, which says you might need to "read/modify claims populated based on JWT".
OpenID Connect has standardized the sub claim as the primary user identifier. Alternatively, you may be able to use the mail claim, with the caveat that e-mail addresses can be reassigned, whereas sub should not be.
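Added example, not part of the original question or answer: a sketch of resolving one stable database key from the subject claim regardless of which connection issued the token. The class name `UserKeyResolver`, the `issuer|subject` key format, and all claim values are assumptions constructed for illustration.

```csharp
using System;
using System.Security.Claims;

public static class UserKeyResolver
{
    // Returns the key used to look up the user in the application's database.
    // The key is issuer + subject because "sub" is only unique per issuer.
    public static string Resolve(ClaimsIdentity identity)
    {
        // The Microsoft JWT handler maps "sub" to ClaimTypes.NameIdentifier
        // unless its inbound claim type map is cleared, so accept both names.
        Claim sub = identity.FindFirst("sub")
                    ?? identity.FindFirst(ClaimTypes.NameIdentifier);
        if (sub == null || string.IsNullOrWhiteSpace(sub.Value))
            throw new InvalidOperationException(
                "No subject claim present; not falling back to e-mail.");

        // Assumption: use the "iss" claim when the middleware kept it,
        // otherwise the Issuer recorded on the subject claim itself.
        Claim iss = identity.FindFirst("iss");
        string issuer = iss != null ? iss.Value : sub.Issuer;
        return issuer + "|" + sub.Value;
    }

    public static void Main()
    {
        const string issuer = "https://tenant.example/"; // constructed value

        // Constructed claims: two different people who held the same
        // e-mail address at different times (the reassignment case).
        var formerOwner = new ClaimsIdentity(new[] {
            new Claim("iss", issuer),
            new Claim("sub", "auth0|0001"),
            new Claim("email", "j.smith@corp.example") }, "jwt");
        var currentOwner = new ClaimsIdentity(new[] {
            new Claim("iss", issuer),
            // Mapped claim name and a different provider prefix,
            // as an enterprise connection might deliver it.
            new Claim(ClaimTypes.NameIdentifier, "waad|0002"),
            new Claim("email", "j.smith@corp.example") }, "jwt");

        // An e-mail lookup would merge these two accounts;
        // the subject-based keys keep them apart.
        Console.WriteLine(Resolve(formerOwner));
        Console.WriteLine(Resolve(currentOwner));
    }
}
```

Store the resolved key in the user table and treat e-mail as a mutable profile attribute rather than a lookup key.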