Best Practice: Transforming Claims from Identity Providers
-
vendredi 3 février 2012 13:35
Hello All,
I am currently retrieving claims from external Identity Providers (Google, Facebook).
In particular, I'm interested in consolidating the "name" claim and transforming them into two separate claims "first_name" and "last_name".
With Facebook this is easy, since these fields already exist.
With Windows Live, these fields don't exists.
With Google, these two fields are combined into the "name" claim.
I'm curious what would be considered the "best practice" to get the claims I'm looking for, before I start butchering my own solution together. :)
Thank you,
Michael
Toutes les réponses
-
vendredi 3 février 2012 21:54 The best solution would probably be to collect the information directly from the user if the IdP doesn't provide it. I'd advise against trying to split the Name from Google because there is a possibility that the user may not have a name in the format you expect. E.g. John Smith != Smith, John != John != etc.
Developer Security MVP | www.syfuhs.net- Marqué comme réponse Arwind - MSFTModerator mardi 14 février 2012 03:22
-
samedi 4 février 2012 06:26 +1. Since you need a local registration in your app anyways - you can use the data from the IdP (if present) to pre-populate some form fields. But don't rely on it.
Dominick Baier | thinktecture | http://www.leastprivilege.com- Marqué comme réponse Arwind - MSFTModerator mardi 14 février 2012 03:22
-
samedi 3 mars 2012 19:55
Thanks all for your suggestions. I ended up writing my own claims transformation solution, with the DisplayName claim being checked for a single space, and if so split it into FirstName and LastName.
Source code here:
http://dragonspark.codeplex.com/SourceControl/changeset/view/74698#1699640
See it in action here:
http://framework.dragonspark.us/
- Modifié Michael-DragonSpark samedi 3 mars 2012 19:55
