Is id for User for Microsoft Account the same as oid claim in ID Token?

Time:11-13

The id in the Azure AD User object is the same value as the oid claim in the ID Token, as answered in the related question, but the situation seems to differ for Microsoft Account users.

Microsoft Graph API (/me) returns id as, for example, 0123456789abcdef, but oid in ID Token for the same user is a UUID-formatted string (00000000-0000-0000-0123-456789abcdef).

I'd like to know if I can judge whether two differently formatted IDs are the same one or not.

$ curl https://graph.microsoft.com/v1.0/users/me -H 'Authorization: Bearer ...' | jq .
{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
  "displayName": "",
  "surname": "",
  "givenName": "",
  "id": "0123456789abcdef",
  "userPrincipalName": "[email protected]",
  "businessPhones": [],
  "jobTitle": null,
  "mail": null,
  "mobilePhone": null,
  "officeLocation": null,
  "preferredLanguage": null
}

{
  "ver": '2.0',
  "iss": 'https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0',
  "sub": '...',
  "aud": 'xxxxxxxx-xxx-xxxx-xxxx-xxxxxxxxxxxx',
  "exp": 1668257519,
  "iat": 1668170819,
  "nbf": 1668170819,
  "preferred_username": "[email protected]",
  "oid": "00000000-0000-0000-0123-456789abcdef",
  "email": "[email protected]",
  "tid": "xxxxxxxx-xxx-xxxx-xxxx-xxxxxxxxxxxx",
  "nonce": "...",
}

CodePudding user response:

According to the documentation, the user id (inherited from directoryObject) is the unique identifier for the object and the value of the id property is often but not exclusively in the form of a GUID; treat it as an opaque identifier and do not rely on it being a GUID.

The oid claim is the same as the user id but always in the form of a GUID.

Based on that, 0123456789abcdef is the same as 00000000-0000-0000-0123-456789abcdef. 00000000-0000-0000-0123-456789abcdef represents the formatted value of 0123456789abcdef.
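
The comparison described in the answer, as an added example that is not part of the original answer. It assumes a Microsoft Account id from Graph is up to 16 hex digits that the oid claim left-pads with zeros into GUID form, and it applies that rule only when tid is the consumer tenant seen in the iss value above; the function names are hypothetical.

```python
import re
import uuid

# Tenant id used for consumer (Microsoft Account) users; it is the GUID
# in the iss claim of the ID token shown in the question.
MSA_TENANT_ID = "9188040d-6c67-4c5b-b112-36a304b66dad"

_GUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")
_SHORT_RE = re.compile(r"[0-9a-f]{1,16}")  # assumption: short ids are at most 16 hex digits


def canonical_id(value):
    """Return the lowercase GUID form of a Graph id or oid claim, or None if malformed."""
    if not isinstance(value, str):
        return None
    v = value.strip().lower()
    if _GUID_RE.fullmatch(v):
        return v
    if _SHORT_RE.fullmatch(v):
        # Left-pad to 128 bits, then let uuid insert the dashes.
        return str(uuid.UUID(v.zfill(32)))
    return None


def same_user(graph_id, claims):
    """True only if the Graph id and the token's oid identify the same object."""
    gid = canonical_id(graph_id)
    oid = canonical_id(claims.get("oid"))
    if gid is None or oid is None:
        return False  # fail closed on anything that is not hex or GUID shaped
    short_form = "-" not in graph_id
    if short_form and str(claims.get("tid", "")).lower() != MSA_TENANT_ID:
        # The zero-padding rule is only assumed for consumer accounts;
        # for other tenants require the id to already be a full GUID.
        return False
    return gid == oid


if __name__ == "__main__":
    # Constructed sample values taken from the question.
    claims = {"oid": "00000000-0000-0000-0123-456789abcdef", "tid": MSA_TENANT_ID}
    print(canonical_id("0123456789abcdef"))
    print(same_user("0123456789abcdef", claims))
```

Both values still have to come from trusted sources: the oid from an ID token whose signature, iss and aud have already been validated, and the id from a Graph call made with that user's token.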
