Question
I enabled the IdentityServer to authenticate with Facebook with the implicit flow.
Now when I get authenticated I get an id value as subject, like 502967fe0125ce3ff75050ef7b83fd68.
I used it as a user id to store user related data. But from time to time it seems like the content of the subject changes and I get a different id.
Am I misunderstanding the concept of the Subject? Is it expected that it is changing?
Shouldn't the subject id be constant? What information should I use to store user related data?
This is how I configure the Facebook provider in the IdentityServer:
public static void Configure(IAppBuilder app, string signInAsType)
{
    var fb = new FacebookAuthenticationOptions
    {
        AuthenticationType = "Facebook",
        Caption = "Facebook",
        SignInAsAuthenticationType = signInAsType,
        AppId = myAppId,
        AppSecret = mySecret
    };
    app.UseFacebookAuthentication(fb);
}
And here is the client config in the website:
// Clear the default claim type mapping so claims such as "sub" keep their JWT names
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = "cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
    AuthenticationType = "oidc",
    SignInAsAuthenticationType = "cookies",
    ClientId = "website",
    Authority = identServer,
    RedirectUri = "http://localhost/pluto/",
    ResponseType = "id_token token",
    Scope = "openid profile email warehouseapi"
});
Answer 1:
The sub claim represents the unique identifier of the user in the context of the STS.
This typically means that a new sub is created the first time the user logs in. This sub is then associated with the external login (issuer name and external sub) and re-used.
Answer 2:
Found the reason. The id in sub returned is the user id of identity server and not the Facebook id. And as I use a memory implementation, every time the identity server is restarted the id changes.
So for me this is closed, but there is still the question whether this is a desirable behavior.
Should it be more likely the Facebook id which is put to subject?
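Added example, not part of the original thread and not IdentityServer's own code: a file-backed store that keeps the association Answer 1 describes (provider name plus external id mapped to a locally issued sub), so the sub survives the restart that Answer 2 found resets an in-memory store. The names ExternalLoginStore and GetOrCreateSubject, the TSV file and the id "1000001" are hypothetical; the assumption is that a custom user service would call the store while handling the external login.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;

// Hypothetical helper (not an IdentityServer type): (provider, provider user id) -> stable local subject.
public sealed class ExternalLoginStore
{
    private readonly string _path;
    private readonly Dictionary<string, string> _subjects = new Dictionary<string, string>();

    public ExternalLoginStore(string path)
    {
        _path = path;
        if (!File.Exists(path)) return;
        // One record per line: provider <TAB> provider user id <TAB> subject
        foreach (var parts in File.ReadAllLines(path).Select(l => l.Split('\t')))
            if (parts.Length == 3) _subjects[Key(parts[0], parts[1])] = parts[2];
    }

    // Key on the pair: the same id string from two providers is two different users.
    private static string Key(string provider, string userId)
    {
        if (string.IsNullOrEmpty(provider) || string.IsNullOrEmpty(userId) || (provider + userId).Any(char.IsControl))
            throw new ArgumentException("invalid external login");
        return provider + "\t" + userId;
    }

    public string GetOrCreateSubject(string provider, string userId)
    {
        var key = Key(provider, userId);
        lock (_subjects)
        {
            if (_subjects.TryGetValue(key, out string subject)) return subject; // returning user
            subject = Guid.NewGuid().ToString("N");                             // first login
            File.AppendAllText(_path, key + "\t" + subject + Environment.NewLine);
            _subjects[key] = subject;
            return subject;
        }
    }

    public static void Main()
    {
        var path = Path.Combine(Path.GetTempPath(), "external-logins-demo.tsv");
        File.Delete(path);
        // "1000001" is a constructed provider user id; each new store stands in for a restart.
        var first = new ExternalLoginStore(path).GetOrCreateSubject("Facebook", "1000001");
        var again = new ExternalLoginStore(path).GetOrCreateSubject("Facebook", "1000001");
        var other = new ExternalLoginStore(path).GetOrCreateSubject("Google", "1000001");
        Console.WriteLine("same after restart: {0}, shared across providers: {1}", first == again, first == other);
    }
}
```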
Source: https://stackoverflow.com/questions/39895086/identityserver-facebook-auth-changes-subject-id-is-not-the-facebook-id