Contrib.social

Claiming existing Drupal account upon first OpenID authentication

Open on Drupal.org β†’
Created on 11 October 2018, about 6 years ago
Updated 20 October 2023, about 1 year ago

Problem/Motivation

I have a site with a lot of users and we're adding OpenID Connect. The actual connection is via a custom extension to OpenID Connect Windows Azure AD / B2C β†’ which tidies up the email value in $userinfo. The authentication itself is working fine for users that are created from the login process. However, if a user has no entry in the authmap table then we get an error claiming "The e-mail address user@example.com is already taken." and we can't log in.

Proposed resolution

Upon Login via OpenID Connect;

  • Connect the Drupal account to the auth provider if configured to allow this and not already connected.

Remaining tasks

  • Review

User interface changes

The Automatically connect existing users setting found in the 8.x branch is added to the OpenID Connect admin config form. This is FALSE by default to maintain historical behaviour for the established install base.

API changes

None.

Data model changes

None

✨ Feature request
Status

Fixed

Version

1.0

Component

Documentation

Created by

πŸ‡³πŸ‡ΏNew Zealand Gold 20 minutes in the future

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment about 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States mcanada

    This looks like it made to the module, but it is not working for me. I can only login if I manually connect the accounts while logged in as a drupal user. I would like to be able to create a drupal user on the fly if the user is authenticated via oauth.

    Any ideas?

  • Comment about 1 year ago β†’
    solideogloria

    @mcanada, Nothing was ever committed. Did you apply a patch, and which one? Are you using 7.x?

  • Comment about 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States mcanada

    @solideogloria I did not appy any patches. What I mean is that I see the option on the settings (see picture attached) but it doesn't seem to work.

  • Comment about 1 year ago β†’
    solideogloria

    I would like to be able to create a drupal user on the fly

    That's not what this option is supposed to do. This option never creates accounts. It claims an existing account that was already created programmatically or by some other login or process. If you want to create an account, you'll have to use a custom module to register an account in the code.

    The option doesn't say "automatically connect non-existing users". It is for connecting OpenID users if there is an existing Drupal account that hasn't been bound to the OpenID user yet.

  • Comment about 1 year ago β†’
    solideogloria

    Otherwise, it could be that you need to download a patch or that have have some configuration that needs to be changed.

    If you can, use xDebug to step through the code and see what isn't working. Or, share any error messages you see.

  • Comment about 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States mcanada

    @solideogloria Thank you. That makes sense (I think).

    I guess what I still don't understand is how the below works

    It is for connecting OpenID users if there is an existing Drupal account that hasn't been bound to the OpenID user yet.

    What is the criteria to match a Drupal account to the OpenID user? Name, email?

  • Comment about 1 year ago β†’
    solideogloria

    From your screenshot, you can see that it's by email address. At least, that's what it is when I use it. That's why is says that without this option, if the email address is already in use, the user won't be able to log in.

  • Comment about 1 year ago β†’
    πŸ‡ΊπŸ‡ΈUnited States mcanada

    @solideogloria yes that is what it says, but it doesn't work. I logged in with my provider and created a d9 user with the same email address. It did not match the accounts.

  • Comment about 1 year ago β†’
    solideogloria

    You'll have to do some more digging then. I use it with Azure AD and it works. Does your provider have the UPN set to the email address?

  • Comment about 1 year ago β†’
    solideogloria

    The best thing you can do is get xDebug working and use breakpoints to find the source of the issue by stepping through the code.

  • Comment about 1 year ago β†’
    System Message
    • sanduhrs β†’ committed 4733c0a3 on 7.x-1.x 
      Issue #3005824 by james.williams, Gold, odegard, dcam, sanduhrs:...
  • Status changed to Fixed about 1 year ago
  • Comment about 1 year ago β†’
    πŸ‡©πŸ‡ͺGermany sanduhrs πŸ‡ͺπŸ‡Ί Heidelberg, Germany, Europe

    Committed, thanks!

  • Comment about 1 year ago β†’
    System Message

    Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024