Azure Authentication changes user sid when adding scopes

129 views Asked by At

I have a Xamarin app that uses Azure AppService for auth.

I did not use email scope for auth before, but now I have added it. Interestingly, once the email scope is added and user authenticates, the provider requests new consent with the new scope. BUT the user gets another sid.

I got 100% repro at least with the email scope for FaceBook and Microsoft providers.

I have one AppService with Facebook setup with email scope and another copy of AppService without email scope. Both AppServices give me consistent sids for my user if I auth, but they never match.

Is it a bug?

1

There are 1 answers

1
Anthony Tuccitto On

I don't think this is a bug. I believe it's more of a limitation that Identity provider A doesn't know anything about Identity provider B. Each new identity provider you add to your AppService will generate a different ID.

Here's another stack overflow Q related to Azure B2C. Behind the scenes B2C and the Azure AppService Auth are doing the same thing.