I'm using Thinktecture's Authorization Server with ACS hooked up and LiveID as an Identity Provider. It works, but the JWT looks like this (notice the nameid claim):
{
  "aud": "urn:mygym",
  "iss": "https://my-gym.accesscontrol.windows.net/",
  "nbf": 1378851574,
  "exp": 1378852174,
  "nameid": "MjApoxNfAaXXXXXXXXXXXXXdBi7lqd4sjd6j0=",
  "identityprovider": "uri:WindowsLiveID"
}
This is caught in my custom JWT token handler, so it's gotten directly from ACS. The "nameid" claim should be the Live ID UserId, but it's not; it looks like a base64-encoded string, but it just decodes to random chars. I need to get the UserId in order to get the user's public info, as in https://apis.live.net/v5.0/8c8ce076ca27823f.
Any ideas of what can be wrong or misconfigured?
ACS doesn't give you an e-mail or a "global user id" for LiveId authenticated users. It gives you an identifier that is unique for the specific user and the ACS namespace. So it is guaranteed that the authenticated user is a returning user, that's all.
You might want to check other ways of connecting to LiveID (e.g. using their OAuth endpoints, which give you much more control).
Note: If you are using Identity Server, ACS might not be needed at all...
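An added example (not part of the original answer, and not ACS or Thinktecture code) of what the answer describes: treating nameid as an opaque identifier and keying the local user record on issuer plus nameid to recognise a returning user. The `UserStore` class, the helper names and the sample tokens are constructed for illustration, and the code assumes the token handler has already validated signature, audience and expiry.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def read_claims(jwt: str) -> dict:
    # Parses only. Assumption: the token handler validated the token earlier.
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three segments")
    return json.loads(b64url_decode(parts[1]))

def local_user_key(claims: dict) -> tuple:
    # The issuer is the ACS namespace; nameid is only meaningful within it.
    # nameid stays an opaque string: it is never decoded or used as a
    # provider-side user id.
    for name in ("iss", "nameid"):
        if not claims.get(name):
            raise ValueError(f"missing claim: {name}")
    return (claims["iss"], claims["nameid"])

class UserStore:
    """Hypothetical in-memory store standing in for the application's database."""

    def __init__(self):
        self._users = {}

    def sign_in(self, jwt: str) -> tuple:
        # Returns (is_returning_user, locally held profile).
        key = local_user_key(read_claims(jwt))
        returning = key in self._users
        profile = self._users.setdefault(key, {"display_name": None})
        return returning, profile

def make_sample_token(iss: str, nameid: str, exp: int) -> str:
    # Constructed sample token with a placeholder signature, for the demo only.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"aud": "urn:mygym", "iss": iss, "exp": exp, "nameid": nameid,
              "identityprovider": "uri:WindowsLiveID"}
    return ".".join([enc({"typ": "JWT", "alg": "RS256"}), enc(claims),
                     "sig-placeholder"])
```

Any profile data the application needs (name, e-mail) has to be collected and stored against this key locally, since the token carries none.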