Closed yousefmansy1 closed 4 months ago
Once again, no.
Hey thanks for the response I may have missed where this was asked before.
Just tried looking at the backlog and couldn't find it. Was there a prior discussion on this issue?
External source is not trusted source. Imagine oauth service without email confirmation (yes, that one exists). I just login with admin email and become admin.
If you REALLY need it you can fork and support :smile:
Ah ok I see, that does make sense.
In my head I was mainly thinking about the Google oauth. Which you could say is pretty trustworthy.
But for the general case you're correct.
I see there are settings to disable user creation when they have the same email which makes sense.
Would it be possible to auto connect the nextcloud on oauth login?
For example:
This is more useful than the current flow where step 3 would throw an error if user creation is disabled - or if it is enabled it would create a user with the same email but isnt the same user as user@gmail.com.