Reputation: 437
Open Identity and OAuth
Lets assume I have application A and application B. I also have a SSO application. Assuming that a user can log on to application a and b using the same credentials, when they sign up using the SSO. Now on application a's table how do i store information regarding the authorized user? Do I store the OpenID token in my app's a database and populate the user information using that id as a key? I am confused on this.
For example in a traditional login system, you would use the account id for the user to link data stored in the orders table. How would you do a similar thing?
Thanks you.
Upvotes: 0
Views: 63
Answers (1)
Reputation: 29326
Good question - user migration is not well explained in most articles. When your back end receives a request you will typically need to match up to your product data on either the User ID in the access token or via the email from the Authorization Server's user info.
I have a write up on how I've managed this in the past that may help: https://authguidance.com/2017/10/02/user-data/
Upvotes: 1
Related Questions
- OAuth2.0 and OpenID Connect Confusing
- OIDC OAuth 2.0 Authentication and Authorization
- How does OpenID Connect work?
- Google open id connect
- What OpenID Connect adds to OAuth 2.0 (why is OAuth 2.0 not sufficient for authentication?)
- OpenID Connect, oAuth2 - Where to start?
- OAuth 2.0 and OpenID Connect
- Problems understanding how OAuth 2.0 and OpenID Connect work together
- OpenId Connect authentication for UI and service access
- Open ID 2.0 and Open ID Connect