We're remapping the token's email field, which accounts only uses for the name of the oidc external connection.
I think if an external connection is found we should update the name during login. (Using the preferred_username field.) Additionally we should change that create statement to also use the preferred_username field.
```python
oidc_connection = repo.external_connection.get_by_type(db, subscriber.id, ExternalConnectionType.oidc, oidc_id)

if any([oidc_id != ec.type_id for ec in oidc_connection]):
    # Ensure sentry captures the error too!
    if os.getenv('SENTRY_DSN') != '':
        e = Exception('Invalid Credentials, incoming oidc id does not match existing oidc id')
        capture_exception(e)

    raise HTTPException(403, l10n('invalid-credentials'))

if not oidc_connection:
    external_connection_schema = schemas.ExternalConnection(
        name=token_data.get('email'),
        type=ExternalConnectionType.oidc,
        type_id=oidc_id,
        owner_id=subscriber.id,
        token='',  # We don't need token data here
    )
    repo.external_connection.create(db, external_connection_schema)
```
appointment/backend/src/appointment/routes/auth.py
Lines 614 to 632 in 4acb53f
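
A self-contained sketch of the change proposed above, added here as an example and not taken from the project's code: the connection stays bound to the OIDC id, and only its display name is created or refreshed from `preferred_username`. The in-memory `store` (holding only OIDC connections), `InvalidCredentials`, `display_name`, `sync_oidc_connection` and the fallback to `email` are all assumptions made for illustration.

```python
from dataclasses import dataclass


class InvalidCredentials(Exception):
    """Hypothetical stand-in for the HTTP 403 the route raises."""


@dataclass
class ExternalConnection:
    owner_id: int
    type_id: str  # OIDC id the connection is bound to
    name: str     # display label only, never used for matching


def display_name(token_data: dict) -> str:
    # Assumption: fall back to email when preferred_username is absent or empty.
    return token_data.get('preferred_username') or token_data.get('email') or ''


def sync_oidc_connection(store: list, owner_id: int, oidc_id: str,
                         token_data: dict) -> ExternalConnection:
    """Create the subscriber's OIDC connection, or refresh its name on login."""
    existing = [ec for ec in store if ec.owner_id == owner_id]
    # The identity check stays on the OIDC id; a changed name never rebinds.
    if any(ec.type_id != oidc_id for ec in existing):
        raise InvalidCredentials('incoming oidc id does not match existing oidc id')
    name = display_name(token_data)
    if not existing:
        ec = ExternalConnection(owner_id=owner_id, type_id=oidc_id, name=name)
        store.append(ec)
        return ec
    ec = existing[0]
    if name and ec.name != name:
        ec.name = name  # proposed behaviour: update the label during login
    return ec


if __name__ == '__main__':
    store = []  # constructed sample data
    claims = {'email': 'a@example.org', 'preferred_username': 'alice@example.org'}
    print(sync_oidc_connection(store, 1, 'sub-123', claims))
    claims['preferred_username'] = 'alice2@example.org'
    print(sync_oidc_connection(store, 1, 'sub-123', claims))
```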