Social Login only for Registered Users

Infos:

  • Used Zammad version: 3.3.0
  • Used Zammad installation source: source
  • Operating system: Ubuntu 18.04
  • Browser + version: Google Chrome 80.0.3987.149

Expected behavior:

I was able to activate the social login feature of Zammad. The problem I am facing: It works really well for users not being already registered. I require a setup where the admin has full control over the user management and the social login is a feature for the user to ease the interaction with Zammad because they do not have to remember another password.

A user sees the offer to use Google Login (as soon as it is configured in Zammad), uses it and is logged in - no matter if he is a new user or if there is already an existing user account for this email address or not.

Actual behavior:

  • Google OAuth2 is activated
  • Zammad authenticates against Google
  • If the user doesn’t exist everything works finde
  • If the user exists the error message 422: The change you wanted was rejected. is shown

Steps to reproduce the behavior:

  • Create a user with an email address for which there is also a Google Account
  • Enable login via Google according to the docs
  • Try to login via Google

Sorry but that’s not possible in Zammad.

By the way, this also occurs when receiving mails of to you unknown users. Zammad will automatically create a user account for the user, as it’s technically required for tickets to exist.

You currently can’t forbidd users to create accounts via third party authentications.
Besides, there’s already a feature request on our backlog to address this.

You can find it here if you want to subscribe to it: https://github.com/zammad/zammad/issues/2503

Thank you very much for your reply. I read and tried to understand the cited issue https://github.com/zammad/zammad/issues/2503 and came to the conclusion that this issue only covers the aspect of unwanted registration.

The problem with the error message when an already registered and active user wants to use the social login feature (e.g. Google OAuth2) isn’t addressed there. Am I right? Do you have any further information on that topic? Thank you!

Issue 2503 already is the right issue for that.
Currently it’s missing me bringing it into shape to hold the “disallow registration via third party authentications if disabled”.

I’ve got that on my list.
I can’t provide any further information on that topic, I’m sorry.

1 Like