Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Are any other claims available from Windows Live ID via the ACS 2.0 identity provider?

I understand that currently the default Windows Live ID identity provider in ACS 2.0, only provides two claims the nameidentifier (a base64 unique id associated with the user and your application, but useless for describing someone) and the identityprovider claim which lets you know that your talking with LiveID. I was wondering is it possible to configure an alternative identity provider for Window Live ID that could provide Name and other Live ID profile information via additional claims.

Thanks, -Patrick

like image 825
Patrick Simpson Avatar asked Jun 17 '11 20:06

Patrick Simpson


2 Answers

You can't get anything but the nameidentifier and identityprovider claims using the Window's Live Identity Provider. http://msdn.microsoft.com/en-us/library/gg185944.aspx

The other providers available to Azure ACS 2.0 are all listed in detail from this link. http://msdn.microsoft.com/en-us/library/gg185971.aspx

FYI - Google & Yahoo as IP's provide additional but optional claims emailaddress & name. So you could also retrieve as an example, John Doe & [email protected].

Note, that using these two optional claims will prompt the user they will be exposed to your services when logging in for the first time. At which time the user can cancel the operation. I recommend you only get the claims you really need as it may scare off potential users.

like image 86
Eat at Joes Avatar answered Oct 11 '22 22:10

Eat at Joes


I have investigated this before and found that the direct answer is no.

You can however use ADFS in chain with ACS to inject more claims.

It seems that the LiveId setup allows you to post a token to get info like

{
   "id": "b6b2a7e8f2515e5", 
   "name": "Apurva Dalia", 
   "first_name": "Apurva", 
   "last_name": "Dalia", 
   "gender": null, 
   "link": "http://cid-b6b2a7e8f2515e5.profile.live.com/", 
   "locale": "en_US", 
   "updated_time": "2011-10-26T21:13:05+0000"
}

If this is true, than you can inject this info to the caller.

See Server Side scenarios of the Live SDK.

From another Microsoft site:

For example, the following GET request, without any access token specified, would return the user's public profile information. https://apis.live.net/v5.0/8c8ce076ca27823f

The information returned by Windows Live would look like the following.

"id": "8c8ce076ca27823f", "name": "Roberto Tamburello",
"first_name": "Roberto",
"last_name": "Tamburello",
"gender": null, "locale": "en_US"

like image 32
Frode Stenstrøm Avatar answered Oct 11 '22 20:10

Frode Stenstrøm