UserIDs#

How to identify users, people and accounts within Feide.

Feide with OIDC/OAuth is not locked down to operate on only one kind of user identifier. Each user record is issued a unique opaque primary UserID, and a set of secondary userIDs of various kinds.

Primary UserID#

The primary user identifier is generated for users the first time they access Feide over OIDC/OAuth. It is in the UUID format, and is opaque, not releasing any additional information about the user. It is intended to be long-term, surviving merging of schools and universities.

For now, Feide will not perform automatic account mapping between user accounts.

{
    "userid": "7b96eab9-b69e-4b8c-9636-1da868207864"
}

Secondary UserIDs#

Feide can handle secondary userIDs in different namespaces. For example, Feide handles both national identity numbers and Feide IDs.

One user may have several secondary userIDs, even of the same type (prefix). It is important that application developers take this into account when implementing applications.

Feide identifier#

{
    "userid": "7b96eab9-b69e-4b8c-9636-1da868207864",
    "userid-sec": [
        "feide:andreas@uninett.no"
    ],
    "name": "Andreas Åkre Solberg"
}

National Identity number#

If the application is granted the userid-nin attribute group, it can access the national identity number. It is available as the claim https://n.feide.no/claims/nin:

{
    "https://n.feide.no/claims/nin": "10108012345",
    "userid": "7b96eab9-b69e-4b8c-9636-1da868207864",
    "userid-sec": [
        "feide:andreas@uninett.no"
    ],
    ...
}

When the user is logged in using ID-porten, the national identity number is also available as a secondary userID. It will look like this:

{
    "https://n.feide.no/claims/nin": "10108012345",
    "userid": "7b96eab9-b69e-4b8c-9636-1da868207864",
    "userid-sec": [
        "nin:10108012345"
    ],
    ...
}

Merged primary keys#

If two user records are merged at Feide for OIDC/OAuth, one entry will be removed and all userids from this record will be copied into the primary record. The primary key of the removed record will be added as a secondary historic key to the primary record.

Applications that obtain the primary userID from Feide will always also get access to historical primary keys like this:

{
    "userid": "7b96eab9-b69e-4b8c-9636-1da868207864",
    "userid-sec": [
        "uuid:0723bd04-9731-48c2-86e4-2159abd0e85f"
    ]
}