Description
When signing up for your application with an external provider (e.g. Facebook), the developer may want to persist additional data about the user, as well as their access and refresh tokens.
@HaoK @blowdart @danroth27
There are at least three parts to this process.
A. Extracting additional information from the provider and storing it as claims. The information is provider specific, but there is a generic pattern. In 1.x the developer hooks into an event on the auth middeware, reads the user info blob, and creates new claims for the temp cookie. For 2.0 the developer no longer needs to hook into the events to do this manually, there is a new ClaimActions list on the options that lets them add and remove mappings. See OAuthOptions.ClaimActions, OpenIdConnect.ClaimActions and TwitterOptions.ClaimActions.
B. Persisting access tokens in the temporary cookie. See RemoteAuthenticationOptions.SaveTokens.
C. When you get to the account controller, you need to copy this information into the user database on app sign-up, or optionally update it per sign-in.