Best Practice: Transforming Claims from Identity Providers
-
03 Februari 2012 13:35
Hello All,
I am currently retrieving claims from external Identity Providers (Google, Facebook).
In particular, I'm interested in consolidating the "name" claim and transforming them into two separate claims "first_name" and "last_name".
With Facebook this is easy, since these fields already exist.
With Windows Live, these fields don't exists.
With Google, these two fields are combined into the "name" claim.
I'm curious what would be considered the "best practice" to get the claims I'm looking for, before I start butchering my own solution together. :)
Thank you,
Michael
Semua Balasan
-
03 Februari 2012 21:54 The best solution would probably be to collect the information directly from the user if the IdP doesn't provide it. I'd advise against trying to split the Name from Google because there is a possibility that the user may not have a name in the format you expect. E.g. John Smith != Smith, John != John != etc.
Developer Security MVP | www.syfuhs.net- Ditandai sebagai Jawaban oleh Arwind - MSFTModerator 14 Februari 2012 3:22
-
04 Februari 2012 6:26 +1. Since you need a local registration in your app anyways - you can use the data from the IdP (if present) to pre-populate some form fields. But don't rely on it.
Dominick Baier | thinktecture | http://www.leastprivilege.com- Ditandai sebagai Jawaban oleh Arwind - MSFTModerator 14 Februari 2012 3:22
-
03 Maret 2012 19:55
Thanks all for your suggestions. I ended up writing my own claims transformation solution, with the DisplayName claim being checked for a single space, and if so split it into FirstName and LastName.
Source code here:
http://dragonspark.codeplex.com/SourceControl/changeset/view/74698#1699640
See it in action here:
http://framework.dragonspark.us/
- Diedit oleh Michael-DragonSpark 03 Maret 2012 19:55
