-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handle Google login primary domain changes #6858
Comments
Unfortunately this is due to the fact that Google uses the domain name as the primary ID. An awful decision that continues to bite everyone that uses it as an auth provider forever. If you want to easily fix your setup without code changes the easiest thing to do is to find the In a self-hosted environment if the domain matches one in allowed domains we could probably continue to allow sign-in by switching the user authentication to the other provider automatically (the "auto-migrate" mentioned in the comment above) |
It also breaks on self-hosted setups where emails provided by OIDC endpoint were never intended to be on the same domain. Users' |
At my org we're going through a re-brand, and as part of this we're changing our primary domain. We use Outline with Google SSO and so we switched it for testing, but since the switch any logins fail with a
authentication-required
notice.To Reproduce
Expected behavior
The user can sign in with the same account
Actual behaviour
The user gets a blank error page with
?notice=authentication-required
in the URL. In the logs there is this error:Screenshots
Outline:
docker.getoutline.com/outlinewiki/outline:0.74.0
Desktop:
It looks like the error comes from
outline/server/commands/userProvisioner.ts
Lines 85 to 93 in f7ea19c
I'd be happy to send a PR to fix this, given some guidance on the best way of fixing it.
The text was updated successfully, but these errors were encountered: