sourabpramanik / payload-auth-plugin

Authentication plugin for Payload CMS
https://npmjs.com/package/payload-auth-plugin
MIT License

Provider does not create a new user on first login #17

Open studiodrimmel opened 6 days ago

studiodrimmel commented 6 days ago

Describe the bug

When I add the Google provider and try to log in with an email that's not in the users collection yet, I expected it to create a new user in the Payload application. However, it redirects back to the /admin/login page with an error that the user is not found as a query parameter:

http://localhost:3000/admin/login?error=User%2520not%2520found

To Reproduce

dependencies:

    "@payloadcms/db-postgres": "latest",
    "@payloadcms/next": "latest",
    "@payloadcms/payload-cloud": "latest",
    "@payloadcms/richtext-lexical": "latest",
    "cross-env": "^7.0.3",
    "graphql": "^16.8.1",
    "next": "15.0.3",
    "payload": "latest",
    "payload-auth-plugin": "^0.3.2",

Add a GoogleAuthProvider to the adminAuthPlugin:

    adminAuthPlugin({
      providers: [
        GoogleAuthProvider({
          client_id: process.env.CLIENT_ID,
          client_secret: process.env.CLIENT_SECRET
        })
      ],
    }),

Add a login button

      <form
        action={async () => {
          'use server'
          signin('google')
        }}
        className="w-full"
      >
        <Button type="submit" className="w-full !my-0">
          Sign in with Google
        </Button>
      </form>

Try to log in with Google and use an account that does not exist in the Payload users collection.

Expected behavior

I expected it to create a user in the users collection and be logged in.


sourabpramanik commented 6 days ago

Yes, that is the expected response, because the plugin does not handle user creation. Admins should be able to add users to the collection; if we keep the admin dashboard open to all, then chances are people with the wrong intentions can gain access with full control.

studiodrimmel commented 5 days ago

Ok, after some thinking I understand that you do not always want to create a new account when someone logs in with something like Google. That was a brainfart of mine, but for corporates you might do. Maybe it could be a config setting, is that an idea?

Use case: I work at a company and we use Keycloak for our IAM. Everybody should be able to log in and have rights to edit; we do not want to add all of the users to the users collection first. If there is a new colleague, we only want to add them to Keycloak and not to all of our Payload applications.

sourabpramanik commented 5 days ago

Yes that makes sense. I will release this as a feature next. Thanks btw

Sandro48 commented 3 days ago

+1 for this

Another obvious use case would be enabling OAuth not for admins but for normal platform users, e.g. we have one "adminUsers" collection and one "users" collection with no access to the admin panel.

Love your plugin by the way! We're planning to do a video about it on our YouTube channel (all about Payload).

sourabpramanik commented 3 days ago

Thanks @Sandro48 for this lovely gesture and appreciation. I will definitely work this out and make sure the implementation is flexible and consistent as much as possible
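
The trade-off discussed in this thread (opt-in account creation on first login versus the concern about opening the admin dashboard to anyone) can be written as a small policy check. This is an added example, not code from payload-auth-plugin: `decideProvisioning`, `allowSignUp`, `allowedDomains` and `defaultRole` are hypothetical names, `example.com` is a constructed domain, and the ID token is assumed to have been validated already by the OAuth flow.

```javascript
// Added example: hypothetical policy check, not payload-auth-plugin's API.
// Runs after the provider flow has validated the ID token
// (signature, issuer, audience, expiry) and produced `claims`.

const POLICY = {
  allowSignUp: true,               // hypothetical opt-in; false gives "User not found" as reported above
  allowedDomains: ['example.com'], // constructed sample domain
  defaultRole: 'editor',           // auto-created accounts never start as admin
};

// Returns the lower-cased domain part of an email, or null if malformed.
function emailDomain(email) {
  if (typeof email !== 'string') return null;
  const at = email.lastIndexOf('@');
  if (at <= 0 || at === email.length - 1) return null;
  return email.slice(at + 1).trim().toLowerCase();
}

function decideProvisioning(claims, existingUser, policy = POLICY) {
  // Known users keep the role an admin assigned; token claims never change it.
  if (existingUser) return { action: 'login', role: existingUser.role };

  if (!policy.allowSignUp) return { action: 'reject', reason: 'User not found' };

  // Strict boolean: a missing or string-typed flag counts as unverified.
  if (claims.email_verified !== true) {
    return { action: 'reject', reason: 'Email not verified' };
  }

  const domain = emailDomain(claims.email);
  // Exact match only, so "example.com.attacker.test" does not pass.
  if (!domain || !policy.allowedDomains.includes(domain)) {
    return { action: 'reject', reason: 'Domain not allowed' };
  }

  // Guard against a misconfiguration that would hand out full control.
  if (policy.defaultRole === 'admin') {
    return { action: 'reject', reason: 'Refusing to auto-provision admin' };
  }

  return {
    action: 'create',
    role: policy.defaultRole,
    email: claims.email.trim().toLowerCase(),
  };
}
```
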