I have a site running RPS to authenticate users using personal Microsoft Live ID accounts. I am identifying them using the PUID right now.

I am now reworking the authentication of this site to use OIDC/OAuth, meaning that I won't get the PUID of my users anymore, but just the nameidentifier claim.

How is it possible for me to migrate users from RPS (PUID) to OIDC (nameidentifier)? Like querying the PUID using the nameidentifier?

I can't find any relevant information on PUID anymore, or RPS for that matter.

InDieTasten

1 Answer

While this doesn't answer the exact question, after some testing I've found a workaround as follows:

The ID from the MSA OAuth endpoint is the same as the one from the Microsoft Graph API. This is actually the API used by many middlewares to get the User ID within Microsoft. It is called "id" in the /profiles/me endpoint. This "id" is also called CID.

RPS can also retrieve an MSA CID, so it's basically working the other way around. It's not about mapping them by getting the PUID from OAuth, but getting the CID from RPS.

InDieTasten
  • I am in a similar situation right now. May I know if you managed to get the PUID from MicrosoftGraphAPI with AzureAD v2? If yes, can you please share some snippet that enabled you to achieve that? – Raghav Aug 25 '18 at 13:21
  • @InDieTasten - I've a similar situation where we have to migrate from [ACS](https://azure.microsoft.com/en-in/blog/7-month-retirement-notice-access-control-service/) as it is being retired. We are planning to migrate to OAuth using MSA but it does not provide PUID (the whole system depends on PUID). Is there any other way apart from using [RPS](https://social.msdn.microsoft.com/Forums/onedrive/en-US/62f55eb1-83a1-4306-86f2-3eb1322a589e/what-is-live-id-server-authenticationrps-sdk?forum=wliddev) which is not publicly open? – user1672994 Aug 30 '18 at 08:26
  • @user1672994 No AFAIK. If you cannot get the aforementioned CID from ACS, you will probably have to resort to mapping by email address as a migration strategy. – InDieTasten Aug 31 '18 at 10:38
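
An added sketch of the migration described in the answer and comments above (not code from the post): store the CID against each PUID while RPS logins still work, then resolve OAuth logins by that id, with the email fallback limited to unlinked accounts that match exactly once. The store, field names and sample values are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Account:                        # hypothetical legacy user record
    puid: str                         # legacy key from RPS
    email: str
    cid: Optional[str] = None         # learned during migration
    linked_via: Optional[str] = None  # "cid" or "email", kept for audit

class MigrationStore:                 # hypothetical in-memory stand-in for the user table
    def __init__(self, accounts):
        self.by_puid = {a.puid: a for a in accounts}
        self.by_cid = {}

    def _link(self, acct, cid, how):
        if self.by_cid.get(cid, acct) is not acct:
            raise ValueError("CID already linked to another account")
        acct.cid, acct.linked_via = cid, how
        self.by_cid[cid] = acct

    def backfill_from_rps(self, puid, cid):
        """Phase 1: at an RPS login, store the CID that RPS reports for this PUID."""
        self._link(self.by_puid[puid], cid, "cid")

    def resolve_oidc_login(self, oidc_id, email=None):
        """Phase 2: map the id from the OAuth side (the CID) to the legacy account."""
        acct = self.by_cid.get(oidc_id)
        if acct is not None:
            return acct
        # Email fallback: only accounts never linked to a CID, and only one match.
        hits = [a for a in self.by_puid.values()
                if email and a.cid is None and a.email.lower() == email.lower()]
        if len(hits) != 1:
            return None
        self._link(hits[0], oidc_id, "email")
        return hits[0]

def demo():
    # Constructed sample data, not real identifiers.
    store = MigrationStore([
        Account("PUID-A", "alice@example.com"),
        Account("PUID-B", "bob@example.com"),
    ])
    store.backfill_from_rps("PUID-A", "cid-aaaa")
    a = store.resolve_oidc_login("cid-aaaa")                       # direct CID match
    b = store.resolve_oidc_login("cid-bbbb", "Bob@Example.com")    # email fallback
    c = store.resolve_oidc_login("cid-cccc", "alice@example.com")  # refused: already linked
    return a.puid, a.linked_via, b.puid, b.linked_via, c
```

Accounts linked through the email fallback are marked `linked_via == "email"` so they can be reviewed separately from those matched on the CID.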