IdentityServer / IdentityServer3.AspNetIdentity

ASP.NET Identity support for Thinktecture IdentityServer3
Apache License 2.0

[Question] AspNetIdentityUserService - AuthenticateExternalAsync #50

Closed pawepaw closed 8 years ago

pawepaw commented 9 years ago

It's more a question than an issue, and I understand that AspNetIdentityUserService is just a sample implementation which I can extend or replace, but I want to better understand the current implementation.

I see that you save claims from the external identity provider when the user is in the application for the first time and doesn't exist in the database, but when the user visits again you do not update them, save new claims, or get the old ones from the database. The question is: why do we save them?

When the user visits for the first time, his account is created based on the received claims. I understand that you save claims because some of them might be used later in the user's active session?

I understand that every time the user gets redirected from the external identity provider into IdentityServer, claims are attached to the request (token), so it might be wise to update the claims in the database because they will change over time?

brockallen commented 8 years ago

Sorry for the delay -- been busy/traveling.

Well, it's a tricky question -- do you always want those external claims? Some people do, some don't. So you have to decide and code your solution the way you need it.

pawepaw commented 8 years ago

The question is how AspNetIdentityUserService should behave by default. For me it's a bit misleading that it saves external claims but they are never updated. I think if you bother to save them by default they should be updated each time.

brockallen commented 8 years ago

Most often what I see is that the external claims are used only the first time to pre-populate a registration page. After that, all the claims are always pulled from the local DB and the external provider's claims are never used. The external provider from that point on is only a means to identify the user in IdSvr.
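
The following is an added example, not part of the thread and not code from IdentityServer3.AspNetIdentity. It sketches the "update on every login" option discussed above as a diff between the stored claims and the claims the external provider sent. The `ExternalClaimSync` class, the `Diff` method and the allow-list of refreshable claim types are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Added example: works out which stored claims to add or remove so they match
// what the external provider sent on this login.
public static class ExternalClaimSync
{
    // Assumption: only these claim types are owned by the external provider.
    // Locally managed claims (e.g. "role") are never touched by a login.
    static readonly HashSet<string> Refreshable =
        new HashSet<string> { "name", "given_name", "family_name", "email" };

    static string Key(Claim c) { return c.Type + "\n" + c.Value; }

    public static void Diff(IEnumerable<Claim> stored, IEnumerable<Claim> external,
                            out List<Claim> toAdd, out List<Claim> toRemove)
    {
        var incoming = external.Where(c => Refreshable.Contains(c.Type)).ToList();
        var incomingTypes = new HashSet<string>(incoming.Select(c => c.Type));
        var incomingKeys = new HashSet<string>(incoming.Select(c => Key(c)));
        var storedList = stored.ToList();
        var storedKeys = new HashSet<string>(storedList.Select(c => Key(c)));

        // New or changed values sent by the provider.
        toAdd = incoming.Where(c => !storedKeys.Contains(Key(c))).ToList();
        // Stale values, but only for types the provider actually sent this time,
        // so an omitted claim does not wipe the stored one.
        toRemove = storedList.Where(c => incomingTypes.Contains(c.Type)
                                      && !incomingKeys.Contains(Key(c))).ToList();
    }

    public static void Main()
    {
        // Constructed sample data, not taken from the thread.
        var stored = new[] { new Claim("email", "old@example.com"),
                             new Claim("name", "Alice"),
                             new Claim("role", "admin") };          // assigned locally
        var external = new[] { new Claim("email", "new@example.com"),
                               new Claim("name", "Alice"),
                               new Claim("role", "superuser") };    // not refreshable
        List<Claim> toAdd, toRemove;
        Diff(stored, external, out toAdd, out toRemove);
        foreach (var c in toAdd) Console.WriteLine("add    " + c.Type + "=" + c.Value);
        foreach (var c in toRemove) Console.WriteLine("remove " + c.Type + "=" + c.Value);
    }
}
```

The resulting lists can be applied with ASP.NET Identity's `UserManager.AddClaimAsync` and `UserManager.RemoveClaimAsync`. Restricting the refresh to an allow-list keeps an external provider from overwriting claims that the local database is meant to control.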