Document binding existing accounts when setting up SSO after creating local accounts #18

Open
opened 2025-07-31 20:33:32 +00:00 by decentral1se · 1 comment
Magic hack: https://community.hedgedoc.org/t/how-to-bind-an-oauth2-user-to-an-ldap-user/1128/2

Actually it does already work but users lose all their history! Here's how to avoid that....

You might need to create a dummy test user first using your SSO login.

DON'T use an email which clashes with an existing user. It will bind and delete all their history.

Then you'll be able to select that user in the db and see the profile / profileid entry.

```
abra app run <app> db bash
psql -U codimd
> select * from "Users";
```

For me (using rauthy), it was (with dummy values):

```
profileid    | bazbaz
profile      | {"id":"bazbaz","username":"decentral1se","displayName":"decentral1se","emails":["foo@bar.com"],"provider":"oauth2"}
```

This bazbaz is the ID value that is sent from my SSO provider. Check your SSO admin user management view.

Then, you update the user you want to bind and not lose history with those two fields.

```
UPDATE "Users" SET profile = '{"id":"bazbaz","username":"decentral1se","displayName":"decentral1se","emails":["foo@bar.com"],"provider":"oauth2"}' WHERE id = '...';
UPDATE "Users" SET profileid = 'bazbaz' WHERE id = '...';
```

Then log in with your SSO and you should still have your history + it binds.
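
The binding steps from the comment above, as an added example that is not part of the original issue or HedgeDoc's own code: it writes both fields in one transaction, refuses an SSO ID that is already on another row, and checks that exactly one row changed. It runs against an in-memory SQLite stand-in with constructed rows; the `history` column and the function names `make_demo_db`, `bind_sso_identity` and `fetch_user` are assumptions.

```python
import json
import sqlite3

def make_demo_db():
    """In-memory stand-in for the "Users" table; rows are constructed samples."""
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE "Users" (id TEXT PRIMARY KEY, profileid TEXT, '
                 'profile TEXT, history TEXT)')  # history column is assumed
    conn.executemany('INSERT INTO "Users" VALUES (?, ?, ?, ?)', [
        ("local-1", None, None, '["note-a","note-b"]'),  # existing local account
        ("local-2", None, None, '["note-c"]'),           # another local account
    ])
    conn.commit()
    return conn

def bind_sso_identity(conn, user_id, sso_id, username, display_name, email):
    """Write profile and profileid to one existing row, atomically."""
    # Build the JSON from the same sso_id so profile.id and profileid cannot drift.
    profile = json.dumps({"id": sso_id, "username": username,
                          "displayName": display_name, "emails": [email],
                          "provider": "oauth2"}, separators=(",", ":"))
    with conn:  # commit on success, roll back if anything below raises
        taken = conn.execute(
            'SELECT id FROM "Users" WHERE profileid = ? AND id <> ?',
            (sso_id, user_id)).fetchone()
        if taken:
            raise ValueError(f"SSO id {sso_id!r} is already bound to {taken[0]}")
        cur = conn.execute(
            'UPDATE "Users" SET profile = ?, profileid = ? WHERE id = ?',
            (profile, sso_id, user_id))
        if cur.rowcount != 1:
            raise LookupError(f"expected 1 row for id {user_id!r}, got {cur.rowcount}")
    return profile

def fetch_user(conn, user_id):
    """Return (profileid, profile, history) for one row."""
    return conn.execute(
        'SELECT profileid, profile, history FROM "Users" WHERE id = ?',
        (user_id,)).fetchone()

if __name__ == "__main__":
    db = make_demo_db()
    bind_sso_identity(db, "local-1", "bazbaz", "decentral1se",
                      "decentral1se", "foo@bar.com")
    print(fetch_user(db, "local-1"))
```

The same guarded `SELECT` and single `UPDATE` can be run inside `BEGIN; ... COMMIT;` in `psql`, confirming `UPDATE 1` before committing.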
