Best Practice: Transforming Claims from Identity Providers
-
3. února 2012 13:35
Hello All,
I am currently retrieving claims from external Identity Providers (Google, Facebook).
In particular, I'm interested in consolidating the "name" claim and transforming them into two separate claims "first_name" and "last_name".
With Facebook this is easy, since these fields already exist.
With Windows Live, these fields don't exists.
With Google, these two fields are combined into the "name" claim.
I'm curious what would be considered the "best practice" to get the claims I'm looking for, before I start butchering my own solution together. :)
Thank you,
Michael
Všechny reakce
-
3. února 2012 21:54 The best solution would probably be to collect the information directly from the user if the IdP doesn't provide it. I'd advise against trying to split the Name from Google because there is a possibility that the user may not have a name in the format you expect. E.g. John Smith != Smith, John != John != etc.
Developer Security MVP | www.syfuhs.net- Označen jako odpověď Arwind - MSFTModerator 14. února 2012 3:22
-
4. února 2012 6:26 +1. Since you need a local registration in your app anyways - you can use the data from the IdP (if present) to pre-populate some form fields. But don't rely on it.
Dominick Baier | thinktecture | http://www.leastprivilege.com- Označen jako odpověď Arwind - MSFTModerator 14. února 2012 3:22
-
3. března 2012 19:55
Thanks all for your suggestions. I ended up writing my own claims transformation solution, with the DisplayName claim being checked for a single space, and if so split it into FirstName and LastName.
Source code here:
http://dragonspark.codeplex.com/SourceControl/changeset/view/74698#1699640
See it in action here:
http://framework.dragonspark.us/
- Upravený Michael-DragonSpark 3. března 2012 19:55
