Once thing to consider; when we first created this we treated the builtin (and all authentication providers) like we do with shib in that they are the source of truth for these details.

However, since then we have introduced oauth and user can (and sometimes have to) enter e-mail address via dataverse. All that is needed is some kind of unique token. We may want to consider this here and no longer store anything in builtinuser except for username and password.

Yes! I would love to remove the following fields from the builtinuser table:

• affiliation
• email
• firstname
• lastname
• position

As @scolapasta indicated, we need to keep these fields:

• username
• encryptedpassword
• passwordencryptionversion

yup, just discovered this the hard way by changing email.
Btw, THIS IS WHY PASSWORD RESET EMAIL IS NOT SENT/RECEIVED.
I manually set them to be the same in the db and password resent email was then sent correctly. So, it appears that many UI features use the address in authenticateduser table (dashboard, account info, log in detect/ sign up detect) but password reset appears to use the builtinuser table email. So, it you changed it and then forgot your password you are SOL.

Hi @thaorell - is everything moving OK here? Feel free to drop into Slack or post a comment here if you have questions, we're happy to help!

@djbrooke It is going ok. I'm still learning about the code. I have dropped some columns (email and affiliation) and changed the code a bit, they are still giving errors and I am currently working on fixing them

@thaorell - are you still working on this, or have you moved onto other items? Thanks!

assigning to @scolapasta to talk about this at next estimation session

The attached PR #4993 takes on solving the title of this story by removing the attributes from builtinUser entirely. AuthenticatedUser is now the goto for firstname, lastname, email, affiliation, position. Note there is an upgrade 4.9.2 to 4.9.3 script that drops these attributes from builtinUser.

Things touched:

• Shib: Setting username
• OAuth first login (and more?)
• Login username & password, especially for builtin users
• Creation of users via api.
• General authentication / login
• Password Reset
  • It looks like reset emails work fine now, but I may be misunderstanding the broken case

Do we know of any cases where the data was only updated in builtinUser and not AuthenticatedUser? If so we may need to look into some sort of migration.

Looks good. The DataverseUserPage does not need/use the bean level builtin User.

Issues found so far:

1. When logged in as super user (dataverseAdmin) the dashboard link in navbar is missing but is present in account name pull down.
   Confirmed this was an intentional change as part of language toggle and existed in develop. As designed.

Things tested:

• Shib: Setting username
• OAuth first login (and more?) (github,google,orcid)
• Login username & password, especially for builtin users
• Creation of users via api.
• Creation of users via UI
• Chg user account info via UI
• Verify email
• Assign roles
• Manager Users, incl. supe user, remove role
• General authentication / login
• Password Reset
  It looks like reset emails work fine now, but I may be misunderstanding the broken case