The most scalable and customizable identity server on the market. Replace your Homegrown, Auth0, Okta, Firebase with better UX and DX. Has all the table stakes: Passkeys, Social Sign In, Multi-Factor Auth, SMS, SAML, TOTP, and more. Written in Go, cloud native, headless, API-first. Available as a service on Ory Network and for self-hosters.
Preflight checklist
Ory Network Project
No response
Describe your problem
In the case of Microsoft, using sub as an identifier can lead to problems. Because the use of OIDC at Microsoft is based on an app registration, the content of sub changes with every new app registration. Sub is therefore not uniquely related to the user. It is therefore not possible to transfer users from one app registration to another without further problems.
https://learn.microsoft.com/en-us/entra/identity-platform/id-token-claims-reference#payload-claims
Describe your ideal solution
With the use of oid it is possible to identify a user by a unique id.
Workarounds or alternatives
There are no other options.
Version
1.3.0
Additional Context
No response
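The behaviour described in this issue, as an added example that is not part of the original issue or of Ory's code: a relying party that keys accounts on sub loses the user when the app registration changes, while one keyed on tid plus oid does not. `IdentityStore`, `account_key`, `survives_migration` and every claim value are hypothetical and constructed for illustration; the claims are assumed to come from ID tokens that were already validated.

```python
# Added example. All claim values are constructed, not real tenant data.

def account_key(claims, source):
    """Lookup key for a Microsoft ID token whose signature, issuer and
    audience have already been validated (validation is out of scope here)."""
    if source == "sub":
        # Pairwise: differs per app registration for the same person.
        return "sub:" + claims["sub"]
    oid, tid = claims.get("oid"), claims.get("tid")
    if not oid or not tid:
        # Microsoft only issues oid when the profile scope is requested.
        raise ValueError("no oid/tid in token; request the profile scope")
    # tid scopes the key to the issuing tenant.
    return "oid:%s:%s" % (tid, oid)


class IdentityStore:
    """Hypothetical stand-in for the identity table of a relying party."""

    def __init__(self, source):
        self.source = source
        self.by_key = {}

    def login(self, claims):
        """Return (user_id, created) for a validated ID token."""
        key = account_key(claims, self.source)
        created = key not in self.by_key
        if created:
            self.by_key[key] = "user-%d" % (len(self.by_key) + 1)
        return self.by_key[key], created


# Same person, same tenant, signing in through two app registrations.
VIA_APP_A = {"aud": "client-id-app-a", "tid": "tenant-1",
             "oid": "oid-alice", "sub": "sub-alice-app-a"}
VIA_APP_B = {"aud": "client-id-app-b", "tid": "tenant-1",
             "oid": "oid-alice", "sub": "sub-alice-app-b"}


def survives_migration(source):
    """True if the user keeps the same account after the switch to app B."""
    store = IdentityStore(source)
    before, _ = store.login(VIA_APP_A)
    after, created = store.login(VIA_APP_B)
    return before == after and not created


if __name__ == "__main__":
    for source in ("sub", "oid"):
        print(source, "->", survives_migration(source))
```

With sub as the key, the second login creates a duplicate account; with oid, the existing account is found.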