OIDC - How to link api user to local app repository entities

Questions
1

I have a React front-end using the okta-react sdk (6.0.0), with a .NET Core 3.1 web api. My question surrounds the best practice flow to add/link the OIDC user to my local identity store.

Here’s an older post by the Okta Team that somewhat sheds light on what I’m shooting for. Build a CRUD App with ASP.NET Core and Angular | Okta Developer. However I have a couple questions…

  1. Because the uid/sub is in the claim, it obviously doesn’t need to be sent in the route. However can it still be considered legit to have routes that actually send the uid/sub in the route, and for example, look something like

api/users/uid/workouts/workoutId

  1. If I wanted to add social login functionality, do backend entities also need to be queried by provider in addition to the uid/sub? For example,
_context.Workout
        .Where(u => u.UserId == userId && u.Provider == "okta")

Any guidance would be appreciated!

2

I think not adding the given entity id in the route is what’s getting me. Using a second canonical example, if I wanted to get all books for a given author, I would do something like the below.

[Route("~/api/authors/{authorId:int}/books")]
public IQueryable<Book> GetBooksByAuthor(int authorId)
{
    return db.Books.Include(b => b.Author)
        .Where(b => b.AuthorId == authorId)
        .Select(AsBookDto);
}

In this example, the authorId is passed in the route. So, in the Okta example, to get all workouts for a given “gymMember”, I would expect to have a route of

api/gymMembers/{memberId:int}/workouts

I completely understand that the “gymMember”/user claim is available without needing to send it via the route, but how can this be done so it’s a bit more natural?

Hope this makes sense :slight_smile: