Where a user may sign in with one of multiple social identity providers, is it possible to add the provider (e.g. ‘google’) into the access token, perhaps using a rule to do so?
Hey @mark.hall, I didn’t get your question exactly. But I’m assuming you want to add the providers into different access tokens.
I don’t think you can add a different provider into an existing access token. To make this clearer, consider this example: an access token issued after a user authenticates to Facebook can be used to call the Facebook Graph API.
Thanks for the input @vihar.kurama!
If you simply want to see what IDP the user is using to authenticate, you can look at the prefix in the sub claim of the token. It should be the user’s IDP followed by their UUID.
google-oauth2|1234567890 is a Google user
twitter|0987654321 is a Twitter user
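Added example, not part of the original thread or Auth0's own code: reading the provider prefix from the sub claim of a JWT access token in Node.js. The function names and the sample token are constructed for illustration, and the code assumes the token's signature has already been verified upstream, since it only decodes the payload.

```javascript
// Split a `sub` of the form "<provider>|<id>" into its two parts.
// Returns null when the value does not have that shape.
function providerFromSub(sub) {
  if (typeof sub !== 'string') return null;
  const bar = sub.indexOf('|');
  // Require a non-empty provider before the first "|" and a non-empty id after it.
  if (bar <= 0 || bar === sub.length - 1) return null;
  return {
    provider: sub.slice(0, bar),
    // Split on the FIRST "|" only, so an id that itself contains "|" stays intact.
    userId: sub.slice(bar + 1),
  };
}

// Decode the payload segment of a JWT and read the provider from `sub`.
// Assumption: the signature was verified before this is called; this function
// does NOT verify it, so its result must not be trusted on an unverified token.
function providerFromAccessToken(token) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return null;
  try {
    // base64url -> base64, then decode and parse the claims object.
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    const claims = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    return providerFromSub(claims.sub);
  } catch (err) {
    return null; // payload was not valid JSON
  }
}

// Build a constructed sample token (header.payload.signature) with a dummy signature.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(claims), 'dummy-signature'].join('.');
}

// Uses the sample value from the post above.
console.log(providerFromAccessToken(makeSampleToken({ sub: 'google-oauth2|1234567890' })));
```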
Thanks Dan, that’s all I was after, the name of the provider.
I take it the same principle will apply with custom OAuth2.0 providers?
I don’t have an example right in front of me but if I recall correctly it should be the connection strategy param. See the example doc:
Thanks for this. Related: if we link a user account, so they have logged in with Google the first time and another social provider another time, will interrogating the subject still tell us which one they have logged in with? Or may it be better to get the identities object and look for the one with the latest last_login?
It should match this example: