Bug: OIDC Account Linking Issue with Case-Sensitive Emails

hoarder-app / hoarder

A self-hostable bookmark-everything app (links, notes and images) with AI-based automatic tagging and full text search

https://hoarder.app

GNU Affero General Public License v3.0

5.79k stars 185 forks source link

Bug: OIDC Account Linking Issue with Case-Sensitive Emails #411

Open IamTaoChen opened 1 month ago

IamTaoChen commented 1 month ago

I have a local account with the email AaBbCcDd@example.com, and when I use OIDC with OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING = true, it doesn't link to the same account because the email from OIDC is aabbccdd@example.com.

kamtschatka commented 1 month ago

This is not really an issue with OIDC per se. This also happens when you create accounts locally with "Asdf@example.com" and "asdf@example.com". We'll have to discuss how to solve this issue internally, but basically email addresses are case insensitive, so they should all be 1 account.

MohamedBassem commented 1 month ago

@IamTaoChen As @kamtschatka said, unfortunately currently we do email comparisons in a case sensitive way. It might take us some effort to change this behavior, so we might not have enough time to get to it soon to be honest. If you want, we can help you modify your email in the database so that linking can work :)