Azure Authentication changes user sid when adding scopes


I have a Xamarin app that uses Azure AppService for auth.

I did not use the email scope for auth before, but now I have added it. Interestingly, once the email scope is added and the user authenticates, the provider requests new consent with the new scope. BUT the user gets another sid.

I got 100% repro at least with the email scope for Facebook and Microsoft providers.

I have one AppService with Facebook set up with the email scope and another copy of the AppService without the email scope. Both AppServices give me consistent sids for my user if I auth, but they never match.

Is it a bug?

There is 1 answer
Anthony Tuccitto On

I don't think this is a bug. I believe it's more of a limitation that identity provider A doesn't know anything about identity provider B. Each new identity provider you add to your AppService will generate a different ID.

Here's another Stack Overflow Q related to Azure B2C. Behind the scenes, B2C and the Azure AppService Auth are doing the same thing.