Add option for trusted providers to associate with existing accounts. (fixes #252)

Signed-off-by: Jason Volk <jason@zemos.net>
2026-03-04 09:00:26 +00:00
parent b423e1c5e6
commit 93aee26e11
3 changed files with 52 additions and 6 deletions
--- a/src/core/config/mod.rs
+++ b/src/core/config/mod.rs
@@ -2741,6 +2741,25 @@ pub struct IdentityProvider {
 	#[serde(default)]
 	pub userid_claims: BTreeSet<String>,

+	/// Trusted providers can cause username conflicts (i.e. account hijacking)
+	/// but this is precisely how an existing matrix account can be associated
+	/// with a provider. When this option is set to true, the way we compute a
+	/// Matrix UserId from userinfo claims is inverted: we find the first
+	/// matching user and grant access to it. Whereas by default, when set to
+	/// false, we skip matching users and register the first available username;
+	/// falling-back to random characters to avoid conflicts.
+	///
+	/// Only set this option to true for providers you self-host and control.
+	/// Never set this option to true for the public providers such as GitHub,
+	/// GitLab, etc.
+	///
+	/// Note that associating an existing user with an untrusted provider is
+	/// still possible but only with the command '!admin query oauth associate'.
+	///
+	/// default: false
+	#[serde(default)]
+	pub trusted: bool,
+
 	/// Optional extra path components after the issuer_url leading to the
 	/// location of the `.well-known` directory used for discovery. If the path
 	/// starts with a slash it will be treated as absolute, meaning overwriting