Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keycloak integration breaks on upgrade to >=5.1.1.2 #2048

Closed
2 tasks done
viktorbard opened this issue Nov 6, 2023 · 3 comments
Closed
2 tasks done

Keycloak integration breaks on upgrade to >=5.1.1.2 #2048

viktorbard opened this issue Nov 6, 2023 · 3 comments
Labels
duplicate Similar issue or pull request already exists.

Comments

@viktorbard
Copy link

viktorbard commented Nov 6, 2023
edited by nijel
Loading

Describe the issue

After upgrading weblate image from 5.1.1.1 to >=5.1.1.2 all users are getting Could not complete registration. The supplied e-mail address is already in use for another account when signing in with our keycloak integration.

I already tried

  • I've read and searched the documentation.
  • I've searched for similar issues in this repository.

Steps to reproduce the behavior

  1. Log in to Weblate with Keycloak as OIDC provider
  2. Bump Weblate image from 5.1.1.1 to 5.1.1.2
  3. Try signing in to Weblate again with Keycloak

Expected behavior

Able to map login to existing user, not trying to create a new user.

Screenshots

Login view:

image

Audit log:

image

Exception traceback

No response

Additional context

No response
@viktorbard viktorbard changed the title Keycloak integration breaks on update to >=5.1.1.2 Keycloak integration breaks on upgrade to >=5.1.1.2 Nov 6, 2023
@nijel
Copy link
Member

nijel commented Nov 6, 2023

It upgrades social-auth-core to 4.5.0, see https://github.com/python-social-auth/social-core/releases/tag/4.5.0. The Keycloak change looks harmless: python-social-auth/social-core#815

@viktorbard
Copy link
Author

viktorbard commented Nov 7, 2023
edited
Loading

Thanks for the links. I agree that they look harmless but after some more investigation we found that default ID-key had changed from username to email for us.

We tried setting SOCIAL_AUTH_KEYCLOAK_ID_KEY=username and WEBLATE_SOCIAL_AUTH_KEYCLOAK_ID_KEY=username to override but it didn't work. We ended up changing uid from username to email in the database then auth worked after upgrade.

Looking at those changes though, it looks like default should still be username...

@nijel nijel mentioned this issue Nov 9, 2023
Closed
@nijel nijel added the duplicate Similar issue or pull request already exists. label Nov 9, 2023
@nijel
Copy link
Member

nijel commented Nov 9, 2023

Duplicate of python-social-auth/social-core#854

@nijel nijel marked this as a duplicate of python-social-auth/social-core#854 Nov 9, 2023
@nijel nijel closed this as not planned Won't fix, can't repro, duplicate, stale Nov 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
duplicate Similar issue or pull request already exists.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nijel @viktorbard