Authentication flow #133

Closed
opened 2025-08-04 15:13:22 +02:00 by moritz · 2 comments
Owner
  • email field is only part of member, remove the user email field
  • user authentication with password is identified by member email
  • user authentication with oidc is identified by oidc_id
    • On OIDC login, when there is no user with oidc_id:
      • if there is a member with the same email associated with a password authenticated user:
        • ask for password and associate the user with the oidc_id
      • if there is a member with the same email but without a user
        • create a new user and associate it with the member
      • else:
        • create a new member with a new user
    • On OIDC login, if a member and user already exist, update the member email to the one passed from the OIDC provider
moritz added this to the Accounts & Logins milestone 2025-08-04 15:13:22 +02:00
moritz added this to the Sprint 5 - 31.07. - 11.09. project 2025-08-04 15:13:23 +02:00
Author
Owner

email field with AshAuthentication:

  • password strategy requires a real identity_field
  • computed/virtual fields don't work as identity_field
  • a custom password strategy is complex and not well documented

solution 1:

  • keep the email field in user
  • read-only access
  • sync with member email field
  • ensure it with a validation function
  • avoiding inconsistency could be complex

solution 2:

  • user.email is the single source of truth; member email is automatically set from user email
  • Members without a user have their own email field
  • OIDC sets the user email; member email follows automatically
  • Easier to understand - User.Email is the source
  • OIDC works naturally - sets User.Email directly
  • No inconsistency - Member email follows automatically
  • Members without a user remain unaffected
  • AshAuthentication works - has a real email field
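The linking procedure from the issue description above and the "solution 2" data model from this comment, as an added example that is not the project's code: a plain-Python model of the decision flow (the project itself is an Elixir/Ash application; Ash and AshAuthentication are not used here). Everything in it is an assumption made for illustration: the in-memory Store, the User/Member fields, the outcome strings, the PBKDF2 password check, and the gate that only links by email when the provider's `email_verified` claim is true, which the issue text does not mention but which a practitioner would want before trusting an IdP-supplied address to claim an existing member record. Member email follows the linked user's email, as solution 2 proposes, while members without a user keep their own value.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from itertools import count
from typing import Optional

@dataclass
class User:
    id: int
    email: str                             # source of truth for a linked member (solution 2)
    password_hash: Optional[bytes] = None  # salt || pbkdf2 digest; only for password-authenticated users
    oidc_id: Optional[str] = None

@dataclass
class Member:
    id: int
    own_email: str                         # used only while no user is linked
    user_id: Optional[int] = None

class PasswordRequired(Exception):
    """A password-authenticated user owns this email: re-submit with the password to link."""

def normalize(email: str) -> str:
    # Matching uses the normalised address, so "Bob@Example.org" and "bob@example.org" collide on purpose.
    return email.strip().lower()

def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    salt = salt or os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def check_password(user: User, password: str) -> bool:
    stored = user.password_hash or b""
    return bool(stored) and hmac.compare_digest(stored, hash_password(password, stored[:16]))

class Store:
    """In-memory stand-in for the database (constructed for this example)."""
    def __init__(self) -> None:
        self.users: dict[int, User] = {}
        self.members: dict[int, Member] = {}
        self._ids = count(1)

    def member_email(self, m: Member) -> str:
        # Solution 2: a member with a linked user reports the user's email automatically.
        return self.users[m.user_id].email if m.user_id is not None else m.own_email

    def user_by_oidc(self, oidc_id: str) -> Optional[User]:
        return next((u for u in self.users.values() if u.oidc_id == oidc_id), None)

    def member_by_email(self, email: str) -> Optional[Member]:
        return next((m for m in self.members.values() if self.member_email(m) == email), None)

    def member_of(self, user: User) -> Member:
        return next(m for m in self.members.values() if m.user_id == user.id)

    def add_member(self, email: str) -> Member:
        m = Member(next(self._ids), normalize(email))
        self.members[m.id] = m
        return m

    def add_user(self, email: str, password: Optional[str] = None, oidc_id: Optional[str] = None,
                 member: Optional[Member] = None) -> User:
        u = User(next(self._ids), normalize(email), hash_password(password) if password else None, oidc_id)
        self.users[u.id] = u
        (member or self.add_member(u.email)).user_id = u.id
        return u

def oidc_login(store: Store, claims: dict, password: Optional[str] = None) -> tuple[User, Member, str]:
    """Decision procedure from the issue. Returns (user, member, outcome); outcome names are the example's own."""
    oidc_id, email = claims["sub"], normalize(claims["email"])
    user = store.user_by_oidc(oidc_id)
    if user is not None:
        # Known OIDC user: adopt the provider's email, unless another member or user already holds it.
        holder = store.member_by_email(email)
        if holder is not None and holder.user_id != user.id:
            raise PermissionError("email already belongs to another account")
        user.email = email  # the linked member's email follows (solution 2)
        return user, store.member_of(user), "existing_user"
    # Assumption beyond the issue text: link by email only when the provider asserts the address as verified;
    # otherwise anyone able to register the victim's address at the IdP could claim their member record.
    if not claims.get("email_verified", False):
        raise ValueError("provider did not verify the email; refusing to link by email")
    member = store.member_by_email(email)
    if member is None:
        user = store.add_user(email, oidc_id=oidc_id)
        return user, store.member_of(user), "created_member_and_user"
    if member.user_id is None:
        user = store.add_user(email, oidc_id=oidc_id, member=member)
        return user, member, "created_user_for_member"
    user = store.users[member.user_id]
    if user.password_hash is None:  # member belongs to another OIDC identity: not in the issue, refuse (assumption)
        raise PermissionError("email is linked to a different OIDC identity")
    if password is None:
        raise PasswordRequired(email)
    if not check_password(user, password):
        raise PermissionError("wrong password")
    user.oidc_id = oidc_id
    return user, member, "linked_to_password_user"
```

The two refusals that are not in the issue text (unverified email, and a member already linked to a different OIDC identity) are the cases where silently linking or overwriting would let an attacker with an account at the IdP take over someone else's member record; the password prompt for password-authenticated users is the issue's own mitigation for that, and the collision check on the "update email" path keeps that update from stealing another account's address.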
rafael added the L label 2025-09-04 12:51:53 +02:00
simon modified the project from Sprint 5 - 31.07. - 11.09. to Sprint 6 - 11.09 - 02.10. 2025-09-11 10:13:00 +02:00
simon added the needs refinement label 2025-10-02 12:44:29 +02:00
Owner

is this still relevant after we re-planned #119?

Reference: local-it/mitgliederverwaltung#133