allow importing existing users when the localpart matches in upstream OAuth 2.0 logins

2025-06-12 16:37:57 +02:00
parent 774c8786ff
commit 1886e73e40
15 changed files with 657 additions and 26 deletions
--- a/docs/config.schema.json
+++ b/docs/config.schema.json
@@ -2361,6 +2361,14 @@
        "template": {
          "description": "The Jinja2 template to use for the localpart attribute\n\nIf not provided, the default template is `{{ user.preferred_username }}`",
          "type": "string"
+        },
+        "on_conflict": {
+          "description": "How to handle conflicts on the claim, default value is `Fail`",
+          "allOf": [
+            {
+              "$ref": "#/definitions/OnConflict"
+            }
+          ]
        }
      }
    },
@@ -2397,6 +2405,25 @@
        }
      ]
    },
+    "OnConflict": {
+      "description": "How to handle an existing localpart claim",
+      "oneOf": [
+        {
+          "description": "Fails the sso login on conflict",
+          "type": "string",
+          "enum": [
+            "fail"
+          ]
+        },
+        {
+          "description": "Adds the oauth identity link, regardless of whether there is an existing link or not",
+          "type": "string",
+          "enum": [
+            "add"
+          ]
+        }
+      ]
+    },
    "DisplaynameImportPreference": {
      "description": "What should be done for the displayname attribute",
      "type": "object",