zorn-v / nextcloud-social-login

GNU Affero General Public License v3.0

Users unable to log in if enforcing mapped groups #284

Closed by unknownconstant 3 years ago

unknownconstant commented 3 years ago

In the latest version, if 'Restrict login for users without mapped groups' is enabled, users are unable to log in even if they do have mapped groups.

zorn-v commented 3 years ago

If you install the previous version, does everything work fine? Recently a new option was added, something like "restrict login without ANY group", but your option was not touched.

unknownconstant commented 3 years ago

After some troubleshooting I've been able to log in again by removing the value of 'User info URL (optional)'.

Users' groups were no longer being mapped to Nextcloud groups. The id_token uses 'cognito:groups' and this had been working fine until some point after an upgrade to v4.6.11.

I remember when I first set up social login I had a problem with 'User info URL (optional)'. I believe without a value in this field social login did not allow users to log in, but the endpoint I was using returned empty groups information as this was already in the id_token. Perhaps something changed in v4.6.11 with regard to using user_info for groups mapping? It does seem to be working now after having removed the user_info URL.

Perhaps this is not a bug, but the workaround I implemented for a bug which has now been fixed caused me issues?
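
A diagnostic sketch of the symptom reported above, added here as an example; it is not part of the thread, is not the plugin's code, and does not claim to reproduce what changed in v4.6.11 or v4.6.12. It assumes the user info endpoint returns the same `cognito:groups` key with an empty list; all function names, the token, and the group mapping are constructed for illustration.

```python
import base64
import json

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def naive_groups(id_claims, userinfo, claim="cognito:groups"):
    """Userinfo overrides the id_token whenever the key is present, even if empty."""
    merged = {**id_claims, **userinfo}
    return list(merged.get(claim) or [])

def effective_groups(id_claims, userinfo, claim="cognito:groups"):
    """Treat an empty userinfo value as 'no information' and keep the token's groups."""
    from_userinfo = userinfo.get(claim) or []
    from_token = id_claims.get(claim) or []
    return list(from_userinfo or from_token)

def login_allowed(idp_groups, group_map, restrict=True):
    """Model of 'Restrict login for users without mapped groups' (hypothetical)."""
    mapped = [group_map[g] for g in idp_groups if g in group_map]
    return (bool(mapped) or not restrict), mapped

def _b64(obj):
    """Helper to build the constructed sample token below."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample data, not taken from any real identity provider.
SAMPLE_ID_TOKEN = ".".join([
    _b64({"alg": "RS256", "typ": "JWT"}),
    _b64({"sub": "user-1", "cognito:groups": ["staff"]}),
    "constructed-signature",
])
SAMPLE_USERINFO = {"sub": "user-1", "cognito:groups": []}
SAMPLE_GROUP_MAP = {"staff": "nextcloud-staff"}

if __name__ == "__main__":
    claims = jwt_claims(SAMPLE_ID_TOKEN)
    for resolver in (naive_groups, effective_groups):
        groups = resolver(claims, SAMPLE_USERINFO)
        print(resolver.__name__, groups, login_allowed(groups, SAMPLE_GROUP_MAP))
```

Comparing the decoded id_token claims with the raw user info response in this way shows which source supplies the groups before a group-restriction option is turned on.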

zorn-v commented 3 years ago

Thanks for the investigation. Fixed in v4.6.12