Best Practice: Transforming Claims from Identity Providers

Question

Hello All,

I am currently retrieving claims from external Identity Providers (Google, Facebook).

In particular, I'm interested in consolidating the "name" claim and transforming them into two separate claims "first_name" and "last_name".

With Facebook this is easy, since these fields already exist.

With Windows Live, these fields don't exists.

With Google, these two fields are combined into the "name" claim.

I'm curious what would be considered the "best practice" to get the claims I'm looking for, before I start butchering my own solution together. :)

Thank you,

Michael

Answer 1

The best solution would probably be to collect the information directly from the user if the IdP doesn't provide it. I'd advise against trying to split the Name from Google because there is a possibility that the user may not have a name in the format you expect. E.g. John Smith != Smith, John != John != etc.

---

Developer Security MVP | www.syfuhs.net

Answer 2

+1. Since you need a local registration in your app anyways - you can use the data from the IdP (if present) to pre-populate some form fields. But don't rely on it. 

---

Dominick Baier | thinktecture | http://www.leastprivilege.com

Answer 3

Thanks all for your suggestions.  I ended up writing my own claims transformation solution, with the DisplayName claim being checked for a single space, and if so split it into FirstName and LastName.

Source code here:

http://dragonspark.codeplex.com/SourceControl/changeset/view/74698#1699640

See it in action here:

http://framework.dragonspark.us/