Closed
Description
I updated my primary email in GitHub, and after that, when I tried to log in to Coder using GitHub, Coder created a new username for me with username old_user_name_SOME_RANDOM_STRING with the new email address. I got locked out of my old account.
Related #10726, #4618
See how a new user account is created for me after changing the email. Both are GitHub accounts.
Steps to reproduce:
- Go to https://github.com/settings/emails and chnage your primary email
- Logout and login to Coder
Activity
[-]GitHub Login: If a user chnages their primary email on GitHub Coder createsa a new account for them instead of updating the email on existing account[/-][+]GitHub Login: If a user chnages their primary email on GitHub Coder creates a new account for them instead of updating the email on existing account[/+]matifali commentedon Dec 1, 2023
cc: @kylecarbs
kylecarbs commentedon Dec 1, 2023
@sreya don't we link based on ID?
sreya commentedon Dec 1, 2023
Yeah we should be.
matifali commentedon Dec 2, 2023
We should also automatically update the email and username for GitHub and OIDC accounts, as requested in #10516.
When a user configures an IdP or OIDC for the source of truth of usernames and emails, they will probably not use these fields in naming resources in the templates.
We can help by putting a warning in the docs on configuring OIDC/GitHub OAuth on not using these fields as part of resource names.
I have seen this behavior in Artifactory, where username and email always sync with the IDP.
[-]GitHub Login: If a user chnages their primary email on GitHub Coder creates a new account for them instead of updating the email on existing account[/-][+]GitHub Login: If a user changes their primary email on GitHub Coder creates a new account for them instead of updating the email on existing account[/+]Emyrk commentedon Jan 25, 2024
I actually cannot reproduce this 🤔
Emyrk commentedon Jan 26, 2024
@matifali can you reproduce this? I cannot and maybe it has been fixed and we can close?
matifali commentedon Jan 26, 2024
@Emyrk I changed my GitHub primary email to my Coder email address and I can't log in anymore as I already havy an google OIDC account. Ideal should be to merge both accounts in this case.
If I change my primary email to some other email address Coder created. Anew account for me again.
Emyrk commentedon Jan 26, 2024
Yup this is actually intentional. Merging accounts can be done similar to how we do "Convert to OIDC" from password auth.
We cannot automatically merge them. We would need the user to authenticate via both oauth methods, then click merge from both sides (whatever that looks like).
So this behavior is currently intentional.
matifali commentedon Jan 26, 2024
@ben, @stirby can you try to reproduce this too? I can consistently reproduce.
9 remaining items