Should You Flow External Claims On Every Login?

1 ยท Phil Haack ยท July 17, 2019, 4:19 p.m.
In my last post, I showed how to flow claims from an external identity provider to your application. My post walks through how to bring over the claims every time the user logs in. But why would I want to do this? On Twitter, Brock Allen replied to my post with this tweet, IMO, external claims (other than sub) are only useful to pre-populate the registration page in your app the first time the user ever shows up from the external IdP. Otherwise, and forevermore, you ignore those claims from the...