zorn-v / nextcloud-social-login

GNU Affero General Public License v3.0

custom social login creates new user with new ID #456

Closed keesfluitman closed 4 months ago

keesfluitman commented 4 months ago

I have Authentik OAuth2 set up. Login works. Say I use email or UUID as unique identifier.

Now when I log in, Nextcloud creates a new account, with a composite UID of the Internal Name and the Email or UUID. Instead of actually checking based on the email address or an existing account with that UUID?

So I named my internal name Authentik, it calls the user: Authentik-COMPLEXUUID

Can I change that? Or why is that? Now it just creates users for each OAuth provider. Disabling auto create does not solve it, it just blocks you from logging in (since it thinks the account doesn't exist yet).

zorn-v commented 4 months ago

> Can I change that?

No

> Or why is that?

To not allow one user to log in as another if the provider user ID is somehow the same as with another provider. Some providers do not have email confirmation, so no, it will not log in via email.

keesfluitman commented 4 months ago

> > Can I change that?
>
> No
>
> > Or why is that?
>
> To not allow one user to log in as another if the provider user ID is somehow the same as with another provider. Some providers do not have email confirmation, so no, it will not log in via email.

Thanks. Yeah, I get it now. Different providers usually trigger new account creation unless you probably write code to perform a proper identity identification with more than just an email property. So migrating from one to another is actually quite a big struggle... I just wanted to move to Authentik and make sure me and my users can also log in to the same accounts, but through Authentik.

zorn-v commented 4 months ago

If you do a migration, you can link accounts via the oc_sociallogin_connect table. So any new one may be linked with an old one.

keesfluitman commented 4 months ago

> If you do a migration, you can link accounts via the oc_sociallogin_connect table. So any new one may be linked with an old one.

I'll check on that. Good for migration. Say I would have LDAP configured now, and I remove my LDAP configuration and link my new OAuth2 or SAML accounts with those. Would they reappear? Because as of now, accounts made through some external identity provider are removed automatically when the IP is disconnected.
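
The behaviour discussed in this thread, as an added example that is not part of the original comments and not the app's own code: a simplified Python model of provider-prefixed UIDs versus matching on a claimed email, plus an admin-created link used for migration. The `AccountStore` class, its methods, and all sample values are hypothetical; the real schema of `oc_sociallogin_connect` is not shown on this page and is not modelled here.

```python
# Added illustration; a simplified model, not the nextcloud-social-login source.
from dataclasses import dataclass, field


@dataclass
class AccountStore:
    users: set = field(default_factory=set)     # local account UIDs
    emails: dict = field(default_factory=dict)  # email -> local UID
    links: dict = field(default_factory=dict)   # "<provider>-<subject>" -> local UID

    def add_local(self, uid, email):
        self.users.add(uid)
        self.emails[email] = uid

    def link(self, provider, subject, uid):
        """Admin-created mapping from one provider identity to an existing account."""
        if uid not in self.users:
            raise KeyError(uid)
        self.links[f"{provider}-{subject}"] = uid

    def login_namespaced(self, provider, subject, auto_create=True):
        """Resolve by provider-prefixed identifier only; a claimed email is never matched."""
        key = f"{provider}-{subject}"
        if key in self.links:
            return self.links[key]
        if key not in self.users:
            if not auto_create:
                return None  # login refused: the account does not exist
            self.users.add(key)
        return key

    def login_by_email(self, claimed_email):
        """Unsafe variant: trusts whatever email the provider asserts."""
        return self.emails.get(claimed_email)


def demo():
    store = AccountStore()
    store.add_local("alice", "alice@example.org")  # constructed sample data
    # A provider without email confirmation asserts Alice's address.
    unsafe = store.login_by_email("alice@example.org")
    safe = store.login_namespaced("OtherIdP", "alice@example.org")
    # Migration: an admin links the new provider identity to the old account.
    store.link("Authentik", "3f2a-constructed-uuid", "alice")
    migrated = store.login_namespaced("Authentik", "3f2a-constructed-uuid")
    blocked = store.login_namespaced("Authentik", "unknown", auto_create=False)
    return unsafe, safe, migrated, blocked
```

Email matching hands the existing `alice` account to whoever a provider says owns that address, while the prefixed lookup yields a separate `OtherIdP-...` account; only the explicit link maps the Authentik identity onto `alice`.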