I'm developing a web app with (ext)ASP.NET that already has users registered. I'm trying to add authentication with Microsoft (OpenID Connect).
My problem is that I don't know how I should connect the existing users to their respective Microsoft accounts. After the first time they have logged in, I should have the "sub" saved in my database and can compare users with that.
But the first time, I don't know what to do. I can't really check for the email in the payload in "preferred_username", since that is mutable.
My second question is: is saving the "sub" in my database the wrong approach?
Good question, and it is a common requirement to identify users in your app after login, especially if users have a history with your app, such as orders placed, and you want to maintain this while migrating logins to Azure AD (or wherever).
My preference is the following approach:
My blog post on User Data Management may give you further ideas on patterns to follow. If your problem is a Microsoft specific technical issue with getting the email claim, please post back with further details - I may be able to help you with that.
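Added example (not code from the question or the answer) of the first-login linking flow discussed above: look the user up by the pair (iss, sub) only; when no link exists, send them through a step where they prove ownership of the existing local account by the app's current means (old password or a link mailed to the address already on file), and only then store the link. The class and member names, the in-memory "tables" and the sample claim values are all invented for illustration; the claims are assumed to have already been validated (signature, issuer, audience, expiry) by the OIDC middleware.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical local user record. Email is kept for contact/display only and is
// never used as an identity key, because preferred_username/email can change.
public sealed class LocalUser
{
    public int Id { get; }
    public string Email { get; }
    public LocalUser(int id, string email) { Id = id; Email = email; }
}

public enum LoginOutcome { Linked, NeedsLinking, Rejected }

public sealed class AccountLinker
{
    // Stand-in for the existing Users table.
    private readonly Dictionary<int, LocalUser> _users = new();

    // Stand-in for a separate ExternalLogins table keyed on (issuer, sub).
    // Keeping it separate from Users lets one account hold several providers later.
    private readonly Dictionary<(string Issuer, string Sub), int> _links = new();

    public AccountLinker(IEnumerable<LocalUser> existingUsers)
    {
        foreach (var u in existingUsers) _users[u.Id] = u;
    }

    // Step 1: after the OIDC callback, resolve the caller by (iss, sub) alone.
    public (LoginOutcome Outcome, LocalUser? User) Resolve(IReadOnlyDictionary<string, string> claims)
    {
        if (!claims.TryGetValue("iss", out var iss) || !claims.TryGetValue("sub", out var sub))
            return (LoginOutcome.Rejected, null);

        if (_links.TryGetValue((iss, sub), out var userId))
            return (LoginOutcome.Linked, _users[userId]);

        // First sign-in from this identity. Do not auto-match on preferred_username:
        // redirect to a linking page where the user proves they own the old account.
        return (LoginOutcome.NeedsLinking, null);
    }

    // Step 2: call only after the ownership proof has been verified by the app.
    public bool Link(IReadOnlyDictionary<string, string> claims, int localUserId)
    {
        if (!_users.ContainsKey(localUserId)) return false;
        if (!claims.TryGetValue("iss", out var iss) || !claims.TryGetValue("sub", out var sub))
            return false;

        var key = (iss, sub);
        // One external identity may be bound to exactly one local account.
        if (_links.TryGetValue(key, out var existing) && existing != localUserId) return false;

        _links[key] = localUserId;
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        var linker = new AccountLinker(new[] { new LocalUser(42, "alice@example.com") });

        // Constructed sample ID-token claims; not a real tenant, user or token.
        var claims = new Dictionary<string, string>
        {
            ["iss"] = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0",
            ["sub"] = "constructed-sub-value-for-demo",
            ["preferred_username"] = "alice@example.com",
        };

        var first = linker.Resolve(claims);
        Console.WriteLine($"First login: {first.Outcome}");

        // ...user proves ownership of local account 42 via the existing login...
        Console.WriteLine($"Link stored: {linker.Link(claims, 42)}");

        var second = linker.Resolve(claims);
        Console.WriteLine($"Second login: {second.Outcome}, user {second.User?.Id}");

        // A later rename of the mutable claim does not affect resolution.
        claims["preferred_username"] = "alice.renamed@example.com";
        Console.WriteLine($"After rename: {linker.Resolve(claims).Outcome}");
    }
}
```

On the second question: storing `sub` is the intended approach, since OpenID Connect defines it as the identifier that is stable and never reassigned within an issuer, which is also why the example stores `iss` alongside it. One Microsoft-specific caveat worth knowing: in Microsoft identity platform tokens `sub` is scoped to the application, so it is stable for this app but will differ for another app registration; if you ever need to correlate the same person across applications, also record the `oid` (and `tid`) claims.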