Closed hirunatan closed 2 years ago
Connect account does not mean "match by email". Just imagine some service without confirmation of email (it can be), and some user sets his email to "admin@blabla.bla", which belongs to the Nextcloud admin. One click and ANYONE can become admin.
Read related closed issues, I tired to explain the obvious things.
This could be easily solved, for example, by requiring the user to log in with their password before making the link.
I think that this workflow will be easier and more intuitive, especially for low-tech users, than logging in, going to their user settings, locating the social login option (that furthermore is not translated) and requesting to connect.
> by requiring the user to log in with their password before making the link.

Require on the provider side? But we have no control over that.
Seems I see.
Sorry, but it is not possible (no sense for redesign) in the current architecture. You may fork this repo and make your own project.
I thought that perhaps it would be possible, when returning from the provider authorization, before creating a new user, if there is already a user with this email, to simply redirect to the "social connect" screen. As this screen requires a logged-in user, Nextcloud automatically redirects to the login screen with a ?redirect_url parameter to come back to the connect screen after login.
I'm sorry, I have no time for investigating further or doing this myself. Just telling you the idea in case it helps. Thanks.
For @hirunatan and anyone else that stumbles upon this later, the problem may simply be a misunderstanding of how "Allow users to connect social logins with their account" works. It was definitely unclear to me. Like you, I expected that upon login I would be prompted to link my account, like on other sites. Instead, what you need to do is already be logged in using your credentials, then navigate to Settings -> Personal -> Social Login. There should be a button for each OAuth provider. Once you click it, the handshake should happen with the provider and your account will be linked. This workflow isn't intuitive, so it may require you to give your users guidance.
Hopefully this saves somebody a little time in the future.
My use case is that I have many existing accounts in my Nextcloud installation, and want to let the users log in with their social accounts, if they want, to avoid them needing to remember yet another password.
I have installed the Social Login app, and enabled the "Allow users to connect social logins with their account" and "Disable auto create new users" options. I don't want them to create new accounts because I use a centralized LDAP directory and the new users need to be authorized.
I expected that when a user logs in via Google, for example, if there is already an account with the same email as the Google account, it is linked to the Google auth. But I get the message "Auto creating new users is disabled".
Am I doing something wrong, or do I need to do something else? Is this use case planned? Thanks.
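The trade-off argued over in this thread, modelled as an added example (it is not part of the original issue and not the Social Login app's code): linking on a matching email versus linking only from an authenticated session. The names `handle_callback`, `match_by_email`, `session_uid` and the provider `weakidp` are hypothetical, and the accounts are constructed sample data.

```python
from dataclasses import dataclass, field

@dataclass
class Account:
    uid: str
    email: str
    links: set = field(default_factory=set)  # (provider, subject) pairs

def handle_callback(accounts, provider, subject, email,
                    session_uid=None, match_by_email=False):
    """Decide what to do with an identity returned by a provider.

    Returns (action, uid). `email` is whatever the provider reports and
    may be unverified; `session_uid` is set only when the browser already
    holds an authenticated local session.
    """
    identity = (provider, subject)
    # 1. Identity already linked: plain social login.
    for acct in accounts.values():
        if identity in acct.links:
            return ("login", acct.uid)
    # 2. Logged-in user asked to connect: link to *their* account only.
    if session_uid is not None:
        accounts[session_uid].links.add(identity)
        return ("linked", session_uid)
    # 3. Anonymous callback whose email collides with a local account.
    owner = next((a for a in accounts.values()
                  if a.email.lower() == email.lower()), None)
    if owner is not None:
        if match_by_email:
            # Unsafe: trusts the provider's email claim as proof of ownership.
            owner.links.add(identity)
            return ("login", owner.uid)
        # Safer: require a local login first, then return to the connect step.
        return ("login_required", None)
    # 4. No match and auto-create disabled.
    return ("denied", None)

def demo_accounts():
    # Constructed sample data; the email is the one used in the thread.
    return {"admin": Account("admin", "admin@blabla.bla"),
            "alice": Account("alice", "alice@example.org")}
```

With `match_by_email=True` an identity from a provider that does not confirm email addresses lands in the admin account; with the default, the same callback only leads to a local login prompt, and a link is created solely for the account whose credentials were actually presented.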