-
-
Notifications
You must be signed in to change notification settings - Fork 641
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Resync OAuth profile information when users log in #986
Comments
I don't know if a refresh when user sign in is enough... 😕 |
For our use case, this is reasonable (we used to do similar for a Discourse forum, and it seemed to work alright). If a user wants to specifically force an update (which shouldn't really happen too often), they can quickly sign out and sign back in. Given that everything across fider is tied to a users account (id?), it will automatically get reflected across the site when updated. I'm not too sure of a case where it can cause a major issue if it's left unsynced for a short while |
Not really everything: Notifications are stored as plain text. So previous notifications won't get updated. Anyway, it doesn't really matter. I don't think it's a major issue, but you mentioned the moderation purpose, and being out of sync until the user log in, may be an issue for this. And even if it's reasonable for your use case, we have to think if it's the use case of the most of the people. Maybe you're right and this is the best solution, I never used SSO so I don't have enough experience I was just sharing thoughts 😄 |
This sort of leads off from #976 (and my comment there #976 (comment)), but currently OAuth profile information is only retrieved on first sign up when using fider, but never again.
A user may change their name or email through the OAuth provider (in our case, custom SSO), and this then becomes out of sync in the fider instance.
This information is already available to fider (as we provide a Profile API url when setting up OAuth), so I imagine this can be done by making a request to the API on a new sign in, retrieving the relevant information, and automatically patching the current user information with this.
The text was updated successfully, but these errors were encountered: