    UNSOLVED "A unique identifier was not provided for the user" when new user from AAD

      simon.roberts last edited by

      Can use the AAD config per instructions at https://fusionauth.io/docs/v1/tech/identity-providers/openid-connect/azure-ad

      However, when create_registration is turned on, I can't create a new FA user. I get error "A unique identifier was not provided for the user. This account cannot be used to login, unable to complete this login request."

      From the event log

      2/23/2023 07:48:05 AM Z Build a new user object from the returned Userinfo response:
      {
        "sub" : "3XXJmjO2q9DQCmGWV8-dyv_EzpOT-m_IAc3NX5nuYXA",
        "name" : "Simon Roberts",
        "family_name" : "Roberts",
        "given_name" : "Simon",
        "picture" : "https://graph.microsoft.com/v1.0/me/photo/$value",
        "email" : "simon.roberts@mycompany.com"
      }
      2/23/2023 07:48:05 AM Z Linking strategy [LinkByEmail]
      2/23/2023 07:48:05 AM Z Resolved email to [smycompany.com]
      2/23/2023 07:48:05 AM Z Resolved username to [null]
      2/23/2023 07:48:05 AM Z Resolved unique Id to [null]
      2/23/2023 07:48:05 AM Z A unique Id was not provided b
      

      How do I get the unique ID? If I open the bearer token in jwt.io I can see my AAD OID in there

        "name": "Simon Roberts",
        "oid": "fa87b189-7080-4050-aa1b-e77e113e6799",
      

      my scope is "openid"

      What am I missing?

        dan @simon.roberts last edited by

        @simon-roberts You can specify the unique UUID on the identity provider configuration. If you are using the admin ui, navigate to the identity provider, then to the Options tab at the bottom, then to the Unique Id claim field.

        If the oid claim is a valid UUID and unique and immutable, you can specify that.

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io
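
To check which claims could go in the Unique Id claim field discussed above, the following added example (not part of the original thread and not FusionAuth's own code) tests each claim for a canonical UUID value. The Userinfo claims are copied from the event log in the question; the token is constructed here from the two claims the poster quoted from jwt.io, and the function names are hypothetical.

```python
import base64
import json
import uuid

def jwt_payload(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))

def uuid_claim(claims: dict, name: str):
    """Return the claim as uuid.UUID, or None if absent or not a canonical UUID."""
    value = claims.get(name)
    if not isinstance(value, str):
        return None
    try:
        parsed = uuid.UUID(value)
    except ValueError:
        return None
    # uuid.UUID also accepts braces, urn: prefixes and undashed hex; reject those.
    return parsed if str(parsed) == value.lower() else None

def candidates(claims: dict) -> list:
    """Claim names whose values parse as UUIDs. Uniqueness and immutability
    cannot be judged from a single token and must be confirmed with the IdP."""
    return sorted(n for n in claims if uuid_claim(claims, n) is not None)

# Userinfo response as shown in the event log above.
USERINFO = {
    "sub": "3XXJmjO2q9DQCmGWV8-dyv_EzpOT-m_IAc3NX5nuYXA",
    "name": "Simon Roberts",
    "family_name": "Roberts",
    "given_name": "Simon",
    "picture": "https://graph.microsoft.com/v1.0/me/photo/$value",
    "email": "simon.roberts@mycompany.com",
}

def _b64(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed token: only the two claims quoted in the post, placeholder signature.
TOKEN = ".".join([_b64({"alg": "none"}),
                  _b64({"name": "Simon Roberts",
                        "oid": "fa87b189-7080-4050-aa1b-e77e113e6799"}),
                  "sig"])

if __name__ == "__main__":
    print("userinfo:", candidates(USERINFO))
    print("token:   ", candidates(jwt_payload(TOKEN)))
```

None of the claims in the logged Userinfo response is a UUID, while `oid` in the token payload is.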

          nazi.far.hadi3171 last edited by

          Facing the same issue, but no response from anyone, and could not find troubleshooting for this topic on Google.
