-
Notifications
You must be signed in to change notification settings - Fork 200
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: OAuth unable to bind email to user #1322
Comments
This is actually what we (aim) to do. If we do not find the eMail based on the JSON Path you entered there - but if we then get the JSON by the user introspection Request, we take the eMail from there. Please check the JSON structure of the user introspection endpoint and adapt the JSON path in the Source Mapping as you expect all fields there would come from the user introspection endpoint |
Idea behind this "manual binding" is to give great flexibility for many possible providers and integrations. |
I'll try out a few variations and confirm. What's odd is that the current name of the email returned from user introspection is 'email' based on what shows under the extras=>GENERIC section under the currentUser object, which is how I have it mapped in the source mapping. Thanks for the feedback and I'll let you know! |
We also have to try again. If it not works as intended - then we will fix it. |
@placidic @FalkWolsky @ludomikula |
Thanks for the tip @dragonpoo, I initially I was unsure what property would be ideal to map to the user id but the sub property does make more sense. I pulled the latest dev image released about 12 hours ago in dockerhub, updated my SSO mapping to use sub (which would also force a new user to be created), hoping that the referenced merged (1322) would resolve my email binding issue. As expected, the new user is created and added to the workspce, but unfortunately, the lowcoder user is not created with the email property populated, however the email still correctly shows in the extended OIDC properties within the extras section as before. I've also confirmed that within my user introspection response, the email address is returned with the same mapped property name 'email' |
User's email is populated only when you signup using email address or bind email after oauth signup. |
Right now /bindEmail endpoint is not implemented yet. |
Is there an existing issue for this?
Current Behavior
I have a successful GENERIC OAuth Implementation for Lowcoder against Microsoft Entra ID.
When a new user is created automatically upon first login of the user, the new lowcoder-user object is not populating the email property. Furthermore, if the logged in user clicks the Profile Icon and attempts to manually bind the email address to the current user, an "Oops, service is busy" error message appears and the binding fails.
I can confirm that the GENERIC data contained in the user object contains the email address value - but the local user email is blank.
With the new Lowcoder login experience in v2.5.0, this is causing issues when the user is trying to log in using the standard user login path. The email is unable to be found in the local lowcoder database and stops the user from proceeding.
There is a workaround however to still use the old workspace specific login path - once you go there, you still only see the Email Input, but if you enter an email address and click "Continue" it then refreshes and renders the SSO Buttons configured for that workspace. An extra step to log in now with 2.5.0, but at least accessible.
Expected Behavior
I would expect that upon first login of the new user, the email address returned from the OAuth provider would be automatically bound to the lowcoder user object.
Steps to reproduce
Environment
Lowcoder 2.5.0 Self-Hosted
Additional Information
No response
The text was updated successfully, but these errors were encountered: