zorn-v / nextcloud-social-login

GNU Affero General Public License v3.0

Admin actions cannot be confirmed as there is no password to confirm #343

Closed davidc closed 1 year ago

davidc commented 2 years ago

After being idle for a while, making changes to the settings in the admin site requires password confirmation: "This action requires you to confirm your password".

Obviously this is impossible for users on this backend as there is no way to confirm their SSO password.

The relevant code appears to be here: https://github.com/nextcloud/server/blob/0d0fcd316a6b556cabf656cd7bdca63da26aab2d/lib/private/Template/JSConfigHelper.php#L123

It seems they have a hardwired list of backends to exclude from this confirmation, of which nextcloud-social-login is not one. The solution may be to implement IPasswordConfirmationBackend and have canConfirmPassword() always return false, but I don't know what other effects this may have.
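The check discussed in the comment above, sketched as an added example (not code from Nextcloud server or from this app). The interface is redeclared locally as a stand-in with an assumed signature, and the three backend classes, the exclusion list and the user id are hypothetical.

```php
<?php
declare(strict_types=1);

// Local stand-in for the interface named in the comment above; the real one
// ships with Nextcloud server and is not loaded here (signature assumed).
interface IPasswordConfirmationBackend {
    public function canConfirmPassword(string $uid): bool;
}

// Hypothetical backend whose accounts authenticate only at an external IdP.
final class ExternalIdpBackend implements IPasswordConfirmationBackend {
    public function canConfirmPassword(string $uid): bool {
        return false; // no local secret exists to re-check
    }
}

// Hypothetical backend that stores a local password hash and declares nothing.
final class LocalPasswordBackend {}

// Hypothetical backend covered only by a hardwired exclusion list.
final class LegacySsoBackend {}

/**
 * Simplified model of the decision: a backend that declares the capability is
 * asked directly; otherwise the hardwired list applies; otherwise the prompt
 * is shown.
 */
function requiresPasswordConfirmation(object $backend, string $uid, array $excluded): bool {
    if ($backend instanceof IPasswordConfirmationBackend) {
        return $backend->canConfirmPassword($uid);
    }
    return !in_array(get_class($backend), $excluded, true);
}

$excluded = [LegacySsoBackend::class]; // constructed exclusion list
$backends = [new ExternalIdpBackend(), new LocalPasswordBackend(), new LegacySsoBackend()];
foreach ($backends as $backend) {
    printf("%-22s confirm prompt: %s\n", get_class($backend),
        requiresPasswordConfirmation($backend, 'alice', $excluded) ? 'yes' : 'no');
}
```

Returning false removes the re-authentication step for those accounts, so an admin session left idle is then protected only by its session lifetime.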

zorn-v commented 2 years ago

I can understand "what you don't like" ) Users that are created via social login do not know their passwords. They should have the opportunity to change it.

davidc commented 2 years ago

The entire point of SSO is that they have one password at the IdP - single sign on.

Making them create a Nextcloud password as well defeats the object. Why even bother with SSO then? We might as well just create users and have them do password resets. And then they have to maintain another password. So why did we implement SSO?

zorn-v commented 2 years ago

> The entire point of SSO is that they have one password at the IdP - single sign on.

Where can you find that my app is for SSO? Yes, it can resolve some SSO "problems", but it is not for it.