What is the best way to uniquely identify a user starting from the data inside the JWT payload?

I will not use the email address alone (or a salted hash of it for that matter) as the primary key of the user account, as I'm not certain if doing this is really secure.

Is it okay to use a concatenation of the user_id and the provider_id separated by a special character? Is this concatenation guaranteed to be unique among all "big" and "honest" providers (I don't know if rogue providers could do bad things)? Or a concatenation of the email address and the provider_id?

Daniel F

1 Answer

The user_id in the Identity Toolkit ID token is unique; it's the local ID generated by the backend for the user in your app.

For more details, see: https://developers.google.com/identity/toolkit/web/required-endpoints#id_token_desc

cslink