✨(backend) enable user creation via email for external integrations
Allow external platforms using the public API to create provisional users with email-only identification when the user doesn't yet exist in our system. This removes a key friction point blocking third-party integrations from fully provisioning access on behalf of new users. Provisional users are created with email as the primary identifier. Full identity reconciliation (sub assignment) occurs on first login, ensuring reliable user identification is eventually established. While email-only user creation is not ideal from an identity perspective, it provides a pragmatic path to unlock integrations and accelerate adoption through external platforms that are increasingly driving our videoconference tool's growth.
This commit is contained in:
committed by
aleb_the_flash
parent
a4b76433ab
commit
8348a55f7e
@@ -95,11 +95,29 @@ class ApplicationViewSet(viewsets.GenericViewSet):
|
||||
try:
|
||||
user = models.User.objects.get(email=email)
|
||||
except models.User.DoesNotExist as e:
|
||||
raise drf_exceptions.NotFound(
|
||||
{
|
||||
"error": "User not found.",
|
||||
}
|
||||
) from e
|
||||
if (
|
||||
settings.APPLICATION_ALLOW_USER_CREATION
|
||||
and settings.OIDC_FALLBACK_TO_EMAIL_FOR_IDENTIFICATION
|
||||
):
|
||||
# Create a pending user without sub, but with an email.
|
||||
user = models.User(
|
||||
sub=None,
|
||||
email=email,
|
||||
)
|
||||
user.set_unusable_password()
|
||||
user.save()
|
||||
logger.info(
|
||||
"Provisional user created via application: user_id=%s, email=%s, client_id=%s",
|
||||
user.id,
|
||||
email,
|
||||
application.client_id,
|
||||
)
|
||||
else:
|
||||
raise drf_exceptions.NotFound(
|
||||
{
|
||||
"error": "User not found.",
|
||||
}
|
||||
) from e
|
||||
|
||||
now = datetime.now(timezone.utc)
|
||||
scope = " ".join(application.scopes or [])
|
||||
|
||||
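Review bot: The lookup-then-create in the `except models.User.DoesNotExist` branch is not atomic. Two concurrent requests for the same unknown email can both miss on `models.User.objects.get(email=email)` and both reach `user.save()`. That leaves either two provisional rows, after which the same `get` would raise `MultipleObjectsReturned`, or an unhandled integrity error if the email column is unique, which this hunk does not show. Consider doing the creation with `get_or_create` inside `transaction.atomic()`, or catching the integrity error and re-fetching the existing row. The lookup also matches the exact string, so the same address in a different case creates a second provisional user; normalizing the email before both the `get` and the `models.User(...)` call would avoid that. Separately, the `logger.info` call writes the full email address to the log. `user.id` and `application.client_id` already identify the event, so consider dropping or masking `email` there.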