UserIDs
How to identify users, people and accounts within Feide.
Feide with OIDC/OAuth is not locked down to operate on only one kind of user identifier. Each user record is issued a unique opaque primary UserID, and a set of secondary userIDs of various kinds.
Primary UserID
The primary user identifier is generated for users the first time they access Feide over OIDC/OAuth. It is in the UUID format, and is opaque, not releasing any additional information about the user. It is intended to be long-term, surviving merging of schools and universities.
For now, Feide will not perform automatic account mapping between user accounts.
{
"userid": "7b96eab9-b69e-4b8c-9636-1da868207864"
}
Secondary UserIDs
Feide can handle secondary userIDs in different namespaces. For example, Feide handles both national identity numbers and Feide IDs.
One user may have several secondary userIDs, even of the same type (prefix). It is important that application developers take this into account when implementing applications.
Feide identifier
{
"userid": "7b96eab9-b69e-4b8c-9636-1da868207864",
"userid-sec": [
"feide:andreas@uninett.no"
],
"name": "Andreas Åkre Solberg"
}
National Identity number
If the application is granted the userid-nin
attribute group, it can access the national
identity number. When the user is logged in using ID-porten, the national
identity number is available as a secondary userID. It will look like this:
{
"userid": "7b96eab9-b69e-4b8c-9636-1da868207864",
"userid-sec": [
"nin:10108012345"
]
}
When logged in using a Feide user account, the national identity
number is not returned as a secondary userID, even if userid-nin
is authorized. If available,
it is instead returned at the
extended userinfo endpoint as the attribute norEduPersonNIN
.
{
"norEduPersonNIN": "10108012345"
}
Merged primary keys
If two user records are merged at Feide for OIDC/OAuth, one entry will be removed and all userids from this record will be copied into the primary record. The primary key of the removed record will be added as a secondary historic key to the primary record.
Applications that obtain the primary userID from Feide will always also get access to historical primary keys like this:
{
"userid": "7b96eab9-b69e-4b8c-9636-1da868207864",
"userid-sec": [
"uuid:0723bd04-9731-48c2-86e4-2159abd0e85f"
]
}