Merging OAuth accounts in ASP.NET Identity Authentication system

Question

I recently began implenting authentication on a single page app using OAuth. I started with the ASP.NET Single Page App Visual Studio Template using the new Identity Authentication system.

I had to rewrite the entire front-end for this app and have been slowly begining to understand the authentication flow using the AccountController endpoints that get generated by the template. I'm new to Claim-based identity so it was a little much as first but I've been digesting it slowly.

However, it seems there is no support for merging multiple external accounts with a link to single local account. Can someone more familiar with the new system comment on how to build support for this. It would help to use the system's current own domain language (IdentityUser, IdentityUserLogin, ExternalLoginData, etc) to explain how to handle the 3 flows described in this answer

In other words, I'm looking for that answer reworded with a little more detail and relevant to domain model used by ASP.NET Identity Authentication system.

Answer 1

So for the purposes of mapping the linked answer to identity:

IdentityUser is the local user (UserId is the key for local user) IdentityUserLogin is the row linking the local user to a third party login (oauth/open id) ExternalLoginData is just a container class that is used by the app layer.

Typically registration happens either locally (Create a username/password) or externally (link a new account to a 3rd party login).

Both of these flows first create a IdentityUser. No IdentityUserLogin is needed for the local password flow, since the password hash is stored inside of the IdentityUser itself. The 3rd party flow will need an extra step creating a IdentityUserLogin with the appropriate 3rd party identifier associated with the IdentityUser's userId so future logins with the 3rd party login work.