coop-cloud/hedgedoc
1
1
Fork 3
Code Issues 3 Pull Requests 1 Releases Wiki Activity

Document binding existing accounts when setting up SSO after creating local accounts #18

New Issue
Open
opened 2025-07-31 20:33:32 +00:00 by decentral1se · 1 comment
decentral1se commented 2025-07-31 20:33:32 +00:00
Owner
Copy Link

Magic hack: https://community.hedgedoc.org/t/how-to-bind-an-oauth2-user-to-an-ldap-user/1128/2

Magic hack: https://community.hedgedoc.org/t/how-to-bind-an-oauth2-user-to-an-ldap-user/1128/2
decentral1se commented 2025-07-31 20:46:02 +00:00
Author
Owner
Copy Link

Actually it does already work but users lose all their history! Here's how to avoid that....

You might need to create a dummy test user first using your SSO login.

DONT use an email which clashes with an existing user. It will bind and delete all their history.

Then you'll be able to select that user in the db and see the profile / profileid entry.

abra app run <app> db bash
psql -U codimd
> select * from "Users";

For me (using rauthy), it was (with dummy values):

profileid    | bazbaz
profile      | {"id":"bazbaz","username":"decentral1se","displayName":"decentral1se","emails":["foo@bar.com"],"provider":"oauth2"}

This bazbaz is the ID value that is sent from my SSO provider. Check your SSO admin user management view.

Then, you update the user you want to bind and not lose history with those two fields.

UPDATE "Users" SET profile = '{"id":"bazbaz","username":"decentral1se","displayName":"decentral1se","emails":["foo@bar.com"],"provider":"oauth2"}' WHERE id = '...';
UPDATE "Users" SET profileid = 'bazbaz' WHERE id = '...';

Then log in with your SSO and you should still have your history + it binds.

Actually it does already work but users lose all their history! Here's how to avoid that.... You might need to create a dummy test user first using your SSO login. **DONT** use an email which clashes with an existing user. It will bind and delete all their history. Then you'll be able to select that user in the db and see the `profile` / `profileid` entry. ``` abra app run <app> db bash psql -U codimd > select * from "Users"; ``` For me (using `rauthy`), it was (with dummy values): ``` profileid | bazbaz profile | {"id":"bazbaz","username":"decentral1se","displayName":"decentral1se","emails":["foo@bar.com"],"provider":"oauth2"} ``` This `bazbaz` is the ID value that is sent from my SSO provider. Check your SSO admin user management view. Then, you update the user you want to bind and not lose history with those two fields. ``` UPDATE "Users" SET profile = '{"id":"bazbaz","username":"decentral1se","displayName":"decentral1se","emails":["foo@bar.com"],"provider":"oauth2"}' WHERE id = '...'; UPDATE "Users" SET profileid = 'bazbaz' WHERE id = '...'; ``` Then log in with your SSO and you should still have your history + it binds.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
Something is not working
duplicate
This issue or pull request already exists
enhancement
New feature
help wanted
Need some help
invalid
Something is wrong
question
More information is needed
wontfix
This won't be fixed
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
3wordchant aadil abra-bot ammaratef45 Apfelwurm appletalk arjan basebuilder Brooke carla cas codegod100 coopcloud decentral1se fauno flancian Frando iexos javielico jmakdah2 kawaiipunk knoflook lambdabundesverband mac-chaffee marlon mayel mirsal moritz nicksellen notplants p4u1 pau renovate-bot ripclap rix sef simon sixsmith stevensting tobias trav val virtualboys wolcen wykwit xynosis yksflip
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: coop-cloud/hedgedoc#18
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?