Let's assume I have a MSSQL table called projects, there is a one-to-one relationship between users and projects, and I'm using authenticated calls to CRUD functions implemented as Azure Functions to manipulate this table. (That is to say, the Azure Functions are protected by AAD.)
Let's further assume that I am using the IDENTITY feature of MSSQL to generate primary keys (sequential integers) so each authenticated user has a unique integer.
(1) How do I associate a newly authenticated user with a newly created primary key so that AAD will provide that primary key for me in the token the next time he/she creates a new session?
(2) Do I need to be concerned about malicious users guessing at future and past primary keys and accessing the projects (rows) of other users via my AAD authenticated Azure functions?