request #42596 Cannot register new account from AzureAD OAuth

Infos

Artifact ID#42596

Submitted byAurélien Tisné (atisne)

Last Modified On2025-04-10 18:48

Submitted on2025-04-07 16:48

Rank44272

Details

Summary *

Cannot register new account from AzureAD OAuth

Original Submission

Entra ID (ex AzureAD) allows several methods to authenticate a guest user on a tenant. Users of another tenant can use their own accounts and users that do not have a Microsoft account can authenticate using a login ID sent to their email.

When a user authenticates from our own tenant, Microsoft UserInfo endpoint provides attributes:

sub,
name,
family_name,
given_name,
picture,
email.

But, when a user authenticates through an external tenant or using an alternate login ID, Microsoft UserInfo endpoint provides only attributes:

sub,
name,
picture,
email

So, when Tuleap needs to create an account to register a new user, it fails to build a username and the authentication is not possible.

We propose to check if the name attribute is available in the flow response, in addition to the attribute preferred_username, to maximize the probability to be able to build the username.

CategoryAuthentication & LDAP

Reported in versionAll

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toThomas Gerbet (tgerbet)

StatusClosed

Close date2025-04-10

Attachments

Connected artifacts

Artifact links

Releases

Fixed in

	Artifact ID	Project	Tracker	Summary	Status	Last Update Date	Submitted By	Assigned to
	rel #41832	Tuleap	Releases	16.7	Delivered	2025-04-23 15:25	Manuel Vacelet (vaceletm)

Reverse artifact links

Empty

AttachmentsEmpty

References

Cross references

Referencing request #42596

Git commit

tuleap/tuleap/stable

fix: request #42596 Allow to generate an username using the `name` or `email` attributes of an OIDC UserInfo 927023cdf9

Thomas Gerbet (tgerbet) , 2025-04-10 13:31

Merge commit 'refs/changes/77/34077/3' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD b9fcac4c11

Joris MASSON (jmasson) , 2025-04-10 18:46

refactor: OIDC username generator tests should have a consistent structure 1295b3689f

Thomas Gerbet (tgerbet) , 2025-04-17 14:02

Show items referenced by request #42596

Referenced by request #42596

Artifact Tracker v5

rel #41832 16.7

Git commit

tuleap/tuleap/stable

fix: request #42596 Allow to generate an username using the `name` or `email` attributes of an OIDC UserInfo 927023cdf9

Thomas Gerbet (tgerbet) , 2025-04-10 13:31

Other

Follow-ups

Joris MASSON (jmasson)

2025-04-10 18:48

The change has been merged, it will be available shortly on the next Tuleap Community version

Assigned to changed from None to Thomas Gerbet (tgerbet)
Connected artifacts
- Added Fixed in: rel #41832

Tracker Workflow Manager (forge__tracker_workflow_manager)

2025-04-10 18:47

request fixed by @tgerbet with git #tuleap/stable/927023cdf965c8ba5e6cffaf4921a6825fdebd71.

Status changed from Under review to Closed
Close date set to 2025-04-10

Aurélien Tisné (atisne)

2025-04-07 18:04

It looks good.

Too quick! I didn't have time to push my patch :-D

Thomas Gerbet (tgerbet)

2025-04-07 17:37

Thanks for the detailed report, see gerrit #34077 for the fix.

Status changed from New to Under review
Reported in version set to All