Add more claims to LiveID for ACS
The nameidentifier claim containing a made-up ID unique to my application is not sufficient for authenticating a user. With no way to get additional user-identifiable information, a user could authenticate with Live and then fill out a local profile on my application for whomever they wanted. They could claim to be Bill Gates, and I would have no way of verifying that based on the nameidentifier claim coming from LiveID.
The Azure Active Directory team has aligned its resources behind services in Azure Active Directory. This effort will eventually replace functionality available in ACS. The blog post – http://blogs.technet.com/b/ad/archive/2013/06/22/azure-active-directory-is-the-future-of-acs.aspx – provides a high-level overview of this transition. The ideas posted around ACS have been collected and passed to the team. We will close out ideas posted around ACS to return votes used on this topic. Please feel free to post additional ideas here, and/or email me directly – firstname.lastname@example.org.
The Azure Active Directory team greatly appreciates the feedback. We look forward to hearing from the community as much as possible. It is one of the essential ways we can continue to create and enhance our service offerings to meet your needs. Thank you.
Robert Mühsig commented
The blog post only mentioned "enterprise"-authorization features - does this mean that you don't have any plans to enhance the ACS functionality with Facebook/Microsoft Account/Google? As a result, the "best way" would be to go with the LiveSdk/Facebook SDK etc. or other services like auth0.com - right?
If the ACS provides an access token, it would be great, so the code can fetch the required claims on request.