Changing primary GitHub email address also changes DataHub ID

[zaneselvans]

I have a personal and a work email address associated with my GitHub account. When I first signed into DataHub, using my GitHub account, my personal email address was the primary address on my GitHub account. Subsequently, I changed my work address to be my primary address at GitHub. Now when I log in to DataHub with my GitHub account, I am assigned a different ID (zaneselvans1 instead of zaneselvans) and the system treats me as if I am a completely new and different user. The datasets which I had previously uploaded are not available, etc.

How to reproduce

• Create a GitHub account
• Add more than 1 verified email address to the GitHub account.
• Sign in to DataHub using GitHub, creating a new DataHub account.
• Change some stuff i nyour DataHub account.
• Sign out of DataHub.
• Change which email address is listed as your primary ID on GitHub.
• Sign into DataHub again, using GitHub

Expected behavior

So far as I understand it, I have only a single identity at GitHub, with two emails associated with that ID -- everything I do at GitHub comes with the username zaneselvans -- I expected DataHub to treat me as a single person as well, and simply use GitHub as the identity provider / authenticator. In that scenario, I wouldn't think that any changes to my GitHub account ought to change my apparent identity at any other site where I log in using GitHub...

[anuveyatsu]

@zaneselvans thanks for reporting this :+1: cc/ @akariv and @zelima

[zelima]

@zaneselvans This is something we have not considered from the beginning and probably worth considering. Until now we were just grabbing primary emails and according to that creating the User on datahub.

Even though this might be the extremely rare case, but what if somebody has same secondary emails across multiple git accounts Eg:

1. the user registers on datahub with git account that has example@email.com as a primary email
2. after it changes the primary email to another_example@email.com
3. A bit later creates another account with yet_another_example@email.com
4. and adds the first email example@email.com as a secondary email to 2nd git account with yet_another_eample@email.com

This way user won't be able to create a new user on datahub

Anyway here's PR fixing the first problem https://github.com/datahq/auth/pull/32

@akariv WDYT?

[akariv]

Generally DataHub uses the email address as the unique identifier of the account, and not the GitHub account id. It uses GitHub (or Google) just to fetch and authenticate the email address.

It might be possible to allow users to change their email address, but it needs proper analysis (to see what breaks if we do this).

Either way your PR is a good workaround for this problem, so now approved.

On Thu, Nov 1, 2018 at 4:00 PM Irakli Mchedlishvili < notifications@github.com> wrote:

@zaneselvans https://github.com/zaneselvans This is something we have not considered from the beginning and probably worth considering. Until now we were just grabbing primary emails and according to that creating the User on datahub.

Even though this might be the extremely rare case, but what if somebody has same secondary emails across multiple git accounts Eg:

1. the user registers on datahub with git account that has example@email.com as a primary email
2. after it changes the primary email to another_example@email.com
3. A bit later creates another account with yet_another_example@email.com
4. and adds the first email example@email.com as a secondary email to 2nd git account with yet_another_eample@email.com

This way user won't be able to create a new user on datahub

Anyway here's PR fixing the first problem datahq/auth#32 https://github.com/datahq/auth/pull/32

@akariv https://github.com/akariv WDYT?

— You are receiving this because you were mentioned.

Reply to this email directly, view it on GitHub https://github.com/datahq/datahub-qa/issues/244#issuecomment-435039406, or mute the thread https://github.com/notifications/unsubscribe-auth/AAQMdb_gPGtuF03uTt_rAY4hbCmsH0Seks5uqv51gaJpZM4X4mcV .

[zelima]

@zaneselvans I'm gonna remove zaneselvans1 from the database so thet you continue using your old zaneselvans one. Please confirm you don't have anything published there that you want to backup before I do so and close issue

[zaneselvans]

I have nothing saved under the zaneselvans1 account -- I saw the disconnect and haven't touched anything since then.

[zelima]

FIXED. zaneselvans1 is removed