Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inhibit profile changes/override from OAuth always #152

Open
qsuscs opened this issue Sep 2, 2024 · 1 comment
Open

Inhibit profile changes/override from OAuth always #152

qsuscs opened this issue Sep 2, 2024 · 1 comment
Labels
enhancement

Comments

@qsuscs
Copy link

qsuscs commented Sep 2, 2024

Feature Description

We are trying to switch from direct LDAP/AD auth to OAuth/OIDC via Keycloak. The former allowed us to disable changing one’s profile information (which would get overridden from AD anyway), including password. I would like to have the same functionality here.

From a quick glance at the code, it does not seem too complicated and I might end up dropping a patch, but I’m not experienced with PHP.
@splitbrain
Copy link
Member

couple of things:

  • when using authAD, changing profile information changes it in AD thus your comment on it being overwritten by AD makes no sense
  • oauth keeps a copy of user data in a local file for offline access
  • IIRC the only info users can change is their display name and their oauth group memberships (managing which oauth providers to allow)
  • the overwrite-groups option makes sure that groups are always updated from upstream

So I guess an option to prevent users from editing their real name could be introduced. We would also need to update it on reauthentication.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@splitbrain @qsuscs