We are using Auth0 to log in random users, and we are using the e-mail code method. When my application asks Auth0 to authenticate the user, these are the claims we are getting back:
I understood that I should be using the subject id (sid) as the primary key for the user. The problem is that if I clear all my cookies and log in again (possibly after some time has passed) I get a completely different set of identifying properties for the same user, for example:
I can see that the “nameidentifier” is the same between the two, but all over the documentation and in this forum I see the direction that the subject ID is the key that I’m supposed to be using. Is there something that I could be doing wrong that is causing the subject ID to be unstable? Has Auth0 changed, and should I ignore the sid value?
Note that as long as the Auth0 cookies are still there, I continue to get the same sid value; it’s only after I clear those cookies that the sid changes. In this case more than 24 hours had elapsed and I got the same sid, until I cleared my cookies.
Also, note that I had to change the claim names above since the forum thinks I’m trying to link out to xmlsoap and gravatar.