Using OIDC, the email is used to identify the user instead of the 'sub' claim #759
Comments
Thanks for your report @illode! Indeed, the grist-core/app/gen-server/lib/HomeDBManager.ts Lines 533 to 544 in 570e403
However, the method above seems not to be called anywhere. @paulfitz Does it make sense to take advantage of it for that purpose?
Using the 'sub' claim allows the user to change their email in the OIDC Identity Provider without losing their work.
This issue came up as pretty crucial to the La Suite project, would be interested in reopening this topic :)
I'm running the latest (`fdc3b96cf7fa`) docker image, selfhosted. I wanted to use OIDC instead of dealing with SAML.

I was going to report a different bug, but wanted to change the emails of my test accounts from `<mydomain>` to `example.com` first so I could send a screenshot. After doing that and signing in, I realized it had created a new account with the same name instead of signing me in to the original account.

Multiple `Test Two` users in the `users` table of `home.sqlite3`:

and multiple `test2@<domain>` logins in the `logins` table of `home.sqlite3`:

New personal orgs were also created, leaving the original files in limbo. At least unless I change the emails back.

All of the Test 2 entries in both screenshots are from the same user in the OIDC provider (Keycloak), I just changed their emails.

As I understand it, the user should be identified using the `sub` claim (standard claims / ID token). The `connect_id` column kind of looks like it should be for that, but I'm not sure as it's all NULL.

As an aside, there were a few other issues I ran into with the selfhosted version. Should I create new issues for them, or add them to #733 since it seems to have several issues in one?