admin管理员组

文章数量:1333451

I've set up Firebase Authentication for my app with an OIDC provider. In this OIDC provider, the email address isn't required to be unique. For instance, users from the same company could share their company's email address. When I log in to the app through Firebase Authentication however, Firebase uses the email as the "identifier". This means that a different user with the same email ends up sharing the same Firebase Authentication user.

Is it possible to tell Firebase Authentication to use something else as the identifier (eg. the "sub")?

Alternatively, could there be any additional setup I need to do in our OIDC provider the signal to Firebase what it should use as an identifier? The provider uses ASP.NET Identity + OpenIDDict.

Thanks.

I've set up Firebase Authentication for my app with an OIDC provider. In this OIDC provider, the email address isn't required to be unique. For instance, users from the same company could share their company's email address. When I log in to the app through Firebase Authentication however, Firebase uses the email as the "identifier". This means that a different user with the same email ends up sharing the same Firebase Authentication user.

Is it possible to tell Firebase Authentication to use something else as the identifier (eg. the "sub")?

Alternatively, could there be any additional setup I need to do in our OIDC provider the signal to Firebase what it should use as an identifier? The provider uses ASP.NET Identity + OpenIDDict.

Thanks.

  • firebase-authentication
  • asp-identity
  • openid-connect
  • openiddict
Share Improve this question asked Nov 20, 2024 at 13:17 katkakkatkak 3361 silver badge11 bronze badges
Add a comment  | 

2 Answers 2

Reset to default 0

Firebase has a configuration option that determines whether email addresses have to be unique in a project. It's on by default, but if you turn it off you can have multiple users with the same email address.

I fixed this by passing a custom scope from my clients that use Firebase Auth.

The OIDC provider then looks for that scope and when it is present, it does not provide the email claim. This seems to trigger Firebase Auth to use the name claim instead, which in my case is sufficiently unique.

本文标签:

版权声明:本文标题:asp.net identity - How to use an identifier other than "email" for users in Firebase Authentication + OIDC - S 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1742353977a2459046.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。