UserIDs

How to identify users, people and accounts within Feide.

Feide with OIDC/OAuth is not locked down to operate on only one kind of user identifier. Each user record is issued a unique opaque primary UserID, and a set of secondary userIDs of various kinds.

Primary UserID

The primary user identifier is generated for users the first time they access Feide over OIDC/OAuth. It is in the UUID format, and is opaque, not releasing any additional information about the user. It is intended to be long-term, surviving merging of schools and universities.

For now, Feide will not perform automatic account mapping between user accounts.

{
    "userid": "7b96eab9-b69e-4b8c-9636-1da868207864"
}

Secondary UserIDs

Feide can handle secondary userIDs in different namespaces. For example, Feide handles both national identity numbers and Feide IDs.

One user may have several secondary userIDs, even of the same type (prefix). It is important that application developers take this into account when implementing applications.

Feide identifier

{
    "userid": "7b96eab9-b69e-4b8c-9636-1da868207864",
    "userid-sec": [
        "feide:andreas@uninett.no"
    ],
    "name": "Andreas Åkre Solberg"
}

National Identity number

If the application is granted the userid-nin scope, it can access the national identity number. When the user is logged in using ID-porten, the national identity number is available as a secondary userID. It will look like this:

{
    "userid": "7b96eab9-b69e-4b8c-9636-1da868207864",
    "userid-sec": [
        "nin:10108012345"
    ]
}

When logged in using a Feide user account, having the necessary scope, the national identity number is not returned as a secondary userID. If available, it is returned at the extended userinfo endpoint as the attribute norEduPersonNIN.

{
    "norEduPersonNIN": "10108012345"
}

Merged primary keys

If two user records are merged at Feide for OIDC/OAuth, one entry will be removed and all userids from this record will be copied into the primary record. The primary key of the removed record will be added as a secondary historic key to the primary record.

Applications that obtain the primary userID from Feide will always also get access to historical primary keys like this:

{
    "userid": "7b96eab9-b69e-4b8c-9636-1da868207864",
    "userid-sec": [
        "uuid:0723bd04-9731-48c2-86e4-2159abd0e85f"
    ]
}