I have a React front-end using the okta-react sdk (6.0.0), with a .NET Core 3.1 web api. My question surrounds the best practice flow to add/link the OIDC user to my local identity store.
Here’s an older post by the Okta Team that somewhat sheds light on what I’m shooting for. Build a CRUD App with ASP.NET Core and Angular | Okta Developer. However I have a couple questions…
- Because the uid/sub is in the claim, it obviously doesn’t need to be sent in the route. However can it still be considered legit to have routes that actually send the uid/sub in the route, and for example, look something like
- If I wanted to add social login functionality, do backend entities also need to be queried by provider in addition to the uid/sub? For example,
_context.Workout .Where(u => u.UserId == userId && u.Provider == "okta")
Any guidance would be appreciated!