asp.net-identity – OpenId Connect中用户的唯一ID

Is NameIdentifier the unique identifier of the user returned by OpenId Connect? Can it be reliably used to uniquely identify a user over time?

AFAIK,NameIdentifier是从idIt中的NameId或Sub声明映射的(参见here).对于Azure AD的id_token,它使用了Sub声明.

并且从sub claim的描述：

Identifies the principal about which the token asserts information,such as the user of an application. This value is immutable and cannot be reassigned or reused,so it can be used to perform authorization checks safely. Because the subject is always present in the tokens the Azure AD issues,we recommended using this value in a general purpose authorization system.

答案是肯定的,它可靠地用于随着时间的推移唯一地识别用户.