-
Notifications
You must be signed in to change notification settings - Fork 181
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Connecting To Exsiting Accounts not Working with Adapter #521
Comments
If a user already exists with the I think there are two possibilities:
The second is the most likely. Please try this config change. Does it work as expected?
I'll see if I can try Google auth. |
I used those settings to add Google to my SSO providers, made a new user with my Google email address, logged-in with my Google account, and the existing account connected. The only difference is you have this config line:
I don't know if |
Please try this config change. Does it work as expected?
Where did you find that? It can't even remember where I found the one I'm using. It does not seem to be listed in the all-auth documentation for Google. |
I think your config was based on an older version. Prior versions of Ghostwriter had an older I have some details here: https://www.ghostwriter.wiki/features/access-authentication-and-session-controls/single-sign-on#sso-registration-and-domain-allowlist It's discussed here in the |
Describe the bug
The changelog for 4.3.0-RC1 states:
I found this to not work in my case. Let's start with my setup.
Steps to reproduce the behavior:
0. Create a user named testuser, with email [email protected]. Have no social logins assigned to that user.
Expected Behavior
In step 5-7 I'd actually expect there to be no "Sign Up" (see Additional Context) but a "Connect Account" form where you basically confirm, that you want to link your local account to your Google Account. I think all-auth does have a /connect endpoint. Actually it might also be nice to have that reachable from the user's profile.
Workaround
I'm considering not pre-creating accounts locally and just allowing people to do "Sign Up" via Google for Work, but I'm not entirely comfortable with it.
Screenshots
Server Specs:
Additional context
Originally I wanted to have the tightest control possible over who gets an account. So I'd preferably have registration turned of and only allow existing users to connect their Google for Work account. That way I can assure that only accounts I created will have access to the system. I'm pondering to drop that requirement now that RBAC assigns new users the low 'user' role by default.
The text was updated successfully, but these errors were encountered: