-
Notifications
You must be signed in to change notification settings - Fork 86
GitHub IDP linked to other account #1291
Comments
It's not clear what is meant by "User wants to link to GitHub account that is in use by another unapproved account"? Should users be able to link to an unapproved account? Note that the getting started page simply calls the /login/linksession API with a redirect URL. That API controls what accounts can be linked to. @aslakknutsen @alexeykazakov can comment on that? That said, if we want to allow users to link any GitHub account, the API should be changed. If the user doesn't need to link GitHub, the UI design also needs to change. |
Unapproved account should not be linked to GitHub at all. It's impossible to link unapproved account using openshift.io UI. Hover users can link accounts using Keycloak UI/REST API or core API. But in this case I guess @sunix has a leftover from our workaround when we switched to GitHub auth during RH outage. Such outdated GitHub accounts should be deleted from our KC. But anyway. This is a known upstream issue in Keyclaok. We we try to link a KC account to some Federated Identity (github in this case) already linked to another user then KC just silently ignores it instead of returning an error. This is something we should re-test carefully and file as an issue to KC. |
Moved to fabric8-services/fabric8-auth#36 |
Setup:
1 unapproved account only linked with GitHub IDP in KC
1 approved account linked with RHD and OSO
The Flow/Page/Error from KC about there being another Account linked to same GitHub account seems lost.
The text was updated successfully, but these errors were encountered: