locked
Retreiving the windows live id of the logged in user RRS feed

  • Question

  • Is it possible to retreive the window live id taht the user's healthvault account is tied to in code? The personinfo.id provides the unique GUID id.  Our application requires user to save an email. We want to avoid having using type an email if we can retreive it from the live id.

    It seems that the windows live id is automatically added as the email under the user's demograpic profile. However, the user may change that email from within HealthVault after the account is created. We want to retreive the unique email of the windows live id that the user is logging in with.

    Thanks in advance for your help.
    Thursday, July 2, 2009 11:34 PM

Answers

  • From an authenticated HealthVault session, it is NOT possible to know the userid/liveid (or even which authenticated mechanism was being used - liveid v/s openid).

    The email set under demographic profile and the live id used to authenticate are 2 independent things.  As a matter of fact, you can change the custodian of your record to another liveid or open id and the email in demographic profile remains the same.

    If your application really need to know which live id is used, you can use the approach where in you authenticate the user FIRST against live.com DIRECTLY (which will redirect the user back to your application after successful auth and now you know what the liveid token is) and within 5 mts redirect the user to HealthVault shell with AUTH target.  Shell will NOT ask for credentials again and authenticate the user.  This way you can be sure that what the underlying liveid is for an authenticated HealthVault session.

    Added: Note that even if you authenticate against Live.com com and then use that authentication for HeatlthVault, your application will only be able to access the liveid token - and NOT the actual email address the user entered to authenticate...  In short, your application will not be able to find the actual email address the user entered for authentication.


    Raj
    Raj HealthVault Developer Tool http://xray.getrealconsulting.com
    • Edited by Rajesh CKR Friday, July 3, 2009 5:59 AM added section in italics
    • Marked as answer by drjindal Friday, July 3, 2009 5:44 PM
    Friday, July 3, 2009 3:20 AM

All replies

  • From an authenticated HealthVault session, it is NOT possible to know the userid/liveid (or even which authenticated mechanism was being used - liveid v/s openid).

    The email set under demographic profile and the live id used to authenticate are 2 independent things.  As a matter of fact, you can change the custodian of your record to another liveid or open id and the email in demographic profile remains the same.

    If your application really need to know which live id is used, you can use the approach where in you authenticate the user FIRST against live.com DIRECTLY (which will redirect the user back to your application after successful auth and now you know what the liveid token is) and within 5 mts redirect the user to HealthVault shell with AUTH target.  Shell will NOT ask for credentials again and authenticate the user.  This way you can be sure that what the underlying liveid is for an authenticated HealthVault session.

    Added: Note that even if you authenticate against Live.com com and then use that authentication for HeatlthVault, your application will only be able to access the liveid token - and NOT the actual email address the user entered to authenticate...  In short, your application will not be able to find the actual email address the user entered for authentication.


    Raj
    Raj HealthVault Developer Tool http://xray.getrealconsulting.com
    • Edited by Rajesh CKR Friday, July 3, 2009 5:59 AM added section in italics
    • Marked as answer by drjindal Friday, July 3, 2009 5:44 PM
    Friday, July 3, 2009 3:20 AM
  • Thanks Raj. As a matter of fact, we are planning to use live.com for authentication. It seems (need to confirm) that the live id redirect does give you the email the user logged in with in the api. Our concern was that user will be confused between authenticating between live.com and healthvault shell.  

    Anyways, thanks for confirming that there is no way to retreive the live id from healthvault api...That really helps.
    Friday, July 3, 2009 5:44 PM