
Bug: Microsoft Entra ID (OIDC) creates a new user when one has already been created by another connector #7029

Open
tevass opened this issue Feb 12, 2025 · 2 comments
Labels
bug Something isn't working

Comments

tevass commented Feb 12, 2025

Describe the bug

The Microsoft Entra ID (OIDC) SSO Connector creates a new user when one has already been created by another connector.

Expected behavior

Link the already registered user when it exists

How to reproduce?

Start Logto, configure Microsoft Entra ID (OIDC) with the Trust unverified email option either enabled or disabled, and another connector, in my case, Google Workspace. Sign in the first time with the other connector, and the second time, sign in with Microsoft Entra ID (OIDC) using the same email for both connectors. Then, check in User Management how many users were created.

Context

  • Self-hosted, Logto version = v1.24.0
    • Container (Docker image)
    • Raw Node.js

Additional information

Trying to understand what happened, I discovered that when AzureOidcSsoConnector calls getUserInfo, the getIdTokenClaims and getUserInfo functions from OidcConnector/utils didn’t return the email field. However, in the ID token payload, there was a field called preferred_username containing my user's email.

@tevass tevass added the bug Something isn't working label Feb 12, 2025
@tevass tevass changed the title bug: Microsoft Entra ID (OIDC) SSO Connector creates a new user every time Bug: Microsoft Entra ID (OIDC) SSO Connector creates a new user when one has already been created by another connector Feb 12, 2025
@tevass tevass changed the title Bug: Microsoft Entra ID (OIDC) SSO Connector creates a new user when one has already been created by another connector Bug: Microsoft Entra ID (OIDC) creates a new user when one has already been created by another connector Feb 12, 2025
wangsijie (Contributor) commented:

Hi, can you please share the detail user info returned from Microsoft Entra ID? You can find it in "Audit Logs", check the log to make sure you can get email from the provider.

tevass (Author) commented Feb 17, 2025

I took a screenshot of my user properties.

Image

In "Audit Logs," I selected an entry, and it contains my email under "User Principal Name" (UPN).

Image

I also took a screenshot of the "Sign-in Logs", where my email appears under "Username."

Image

I ran Logto locally to show the decoded token claims and user info in console.log.

// Decoded Token Claims
{
  email: '[email protected]',
  name: 'Estevão Biondi',
  preferred_username: '[email protected]'
}

// User Info
{
  sub: '...',
  name: 'Estevão Biondi',
  picture: 'https://graph.microsoft.com/v1.0/me/photo/$value'
}
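The two findings above (the first post's note that getIdTokenClaims/getUserInfo returned no email while the ID token carried preferred_username, and the decoded claims vs. userinfo output just shown) boil down to two separate questions a connector has to answer: where an email may be taken from, and whether that email is strong enough evidence to attach the login to an account that another connector already created. The following is an added example written for this page, not Logto's code and not the Entra connector's actual logic. It decodes a constructed, unsigned sample ID token (real connectors take claims from their OIDC library after signature and issuer checks), merges it with a constructed userinfo object shaped like the one posted above, picks an email with the precedence userinfo.email, then id_token.email, then id_token.preferred_username only when it is syntactically an email, and then decides link-vs-create. Two facts the policy rests on: Entra ID documents preferred_username as a mutable identifier that may or may not be an email and must not be used for authorization, and Entra's sub is pairwise per application, so an email is the only key that can match a user created by a different IdP. Because of that, the example links an existing account only on a verified email unless the deployer has explicitly opted into trusting unverified ones; auto-linking on an unverified address is an account-takeover path. All names (resolveIdentity, decideLink, the "Trust unverified email" flag as a boolean, the sample users) are this example's own.

```typescript
// Added example (not Logto's code): recovering an email from an Entra ID
// ID token whose userinfo response carries no `email`, and deciding whether
// that email may LINK the login to an existing user. All tokens, claims and
// users below are constructed fixtures.

type Claims = Record<string, unknown>;

// --- minimal base64url codec for ASCII payloads, so the sample JWT can be
// --- built and decoded here without Node's Buffer ------------------------
const B64URL = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

function base64UrlEncodeAscii(s: string): string {
  let out = "", acc = 0, bits = 0;
  for (let i = 0; i < s.length; i++) {
    acc = ((acc << 8) | (s.charCodeAt(i) & 0xff)) & 0xffffff;
    bits += 8;
    while (bits >= 6) { bits -= 6; out += B64URL[(acc >> bits) & 0x3f]; }
  }
  if (bits > 0) out += B64URL[(acc << (6 - bits)) & 0x3f];
  return out; // unpadded, as JWT segments are
}

function base64UrlDecodeAscii(s: string): string {
  let out = "", acc = 0, bits = 0;
  for (let i = 0; i < s.length; i++) {
    const v = B64URL.indexOf(s[i]);
    if (v < 0) throw new Error(`invalid base64url character: ${s[i]}`);
    acc = ((acc << 6) | v) & 0xffffff;
    bits += 6;
    if (bits >= 8) { bits -= 8; out += String.fromCharCode((acc >> bits) & 0xff); }
  }
  return out;
}

// Decodes the payload segment WITHOUT verifying the signature. Only ever feed
// this a token the OIDC client library has already validated.
function decodeJwtPayload(jwt: string): Claims {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  return JSON.parse(base64UrlDecodeAscii(parts[1])) as Claims;
}

// Fixture builder: alg "none" with an empty signature, sample use only.
function makeUnsignedSampleJwt(payload: Claims): string {
  const header = base64UrlEncodeAscii(JSON.stringify({ alg: "none", typ: "JWT" }));
  return `${header}.${base64UrlEncodeAscii(JSON.stringify(payload))}.`;
}

type EmailSource = "userinfo" | "id_token" | "preferred_username" | "none";

interface ResolvedIdentity {
  sub: string;
  name?: string;
  email?: string;
  emailVerified: boolean;
  emailSource: EmailSource;
}

const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

function asString(v: unknown): string | undefined {
  return typeof v === "string" && v.length > 0 ? v : undefined;
}

// Merge userinfo and ID-token claims. Email precedence:
//   1. userinfo.email  2. id_token.email  3. id_token.preferred_username
// (3 only if it is syntactically an email). emailVerified is true only when
// the SAME source asserts email_verified === true; preferred_username is
// never treated as verified (Entra documents it as mutable, not an address).
function resolveIdentity(idToken: Claims, userInfo: Claims): ResolvedIdentity {
  const sub = asString(userInfo.sub) ?? asString(idToken.sub);
  if (!sub) throw new Error("no sub claim");
  const name = asString(userInfo.name) ?? asString(idToken.name);
  const candidates: Array<[EmailSource, string | undefined, boolean]> = [
    ["userinfo", asString(userInfo.email)?.toLowerCase(), userInfo.email_verified === true],
    ["id_token", asString(idToken.email)?.toLowerCase(), idToken.email_verified === true],
    ["preferred_username", asString(idToken.preferred_username)?.toLowerCase(), false],
  ];
  for (const [source, email, verified] of candidates) {
    if (email && EMAIL_RE.test(email)) {
      return { sub, name, email, emailVerified: verified, emailSource: source };
    }
  }
  return { sub, name, emailVerified: false, emailSource: "none" };
}

interface ExistingUser { id: string; primaryEmail: string; }
type LinkDecision =
  | { action: "link"; userId: string; reason: string }
  | { action: "create"; reason: string };

// Link to an existing account only on a verified email, unless the deployer
// explicitly trusts unverified ones. Linking on an unverified (e.g. UPN-derived)
// address would let anyone who can make the IdP assert a victim's email take
// over the victim's account created through another connector.
function decideLink(
  identity: ResolvedIdentity,
  findUserByEmail: (email: string) => ExistingUser | undefined,
  trustUnverifiedEmail: boolean,
): LinkDecision {
  if (!identity.email) return { action: "create", reason: "provider returned no usable email" };
  const existing = findUserByEmail(identity.email);
  if (!existing) return { action: "create", reason: "no account with this email" };
  if (identity.emailVerified || trustUnverifiedEmail) {
    const how = identity.emailVerified ? "verified" : "unverified, trusted by config";
    return { action: "link", userId: existing.id, reason: `matched ${identity.emailSource} email (${how})` };
  }
  return { action: "create", reason: `${identity.emailSource} email is unverified and trust is disabled` };
}

// Constructed fixtures mirroring the shape reported in this issue: the ID token
// has preferred_username but no email; userinfo has no email at all.
const SAMPLE_ID_TOKEN = makeUnsignedSampleJwt({
  sub: "pairwise-sub-0001", name: "Ada Example", preferred_username: "Ada@example.com",
});
const SAMPLE_USERINFO: Claims = {
  sub: "pairwise-sub-0001", name: "Ada Example",
  picture: "https://graph.microsoft.com/v1.0/me/photo/$value",
};
const SAMPLE_USERS: ExistingUser[] = [{ id: "user_google_1", primaryEmail: "ada@example.com" }];
const findSampleUser = (email: string): ExistingUser | undefined =>
  SAMPLE_USERS.find((u) => u.primaryEmail === email);

const sampleIdentity = resolveIdentity(decodeJwtPayload(SAMPLE_ID_TOKEN), SAMPLE_USERINFO);
console.log(sampleIdentity);
console.log(decideLink(sampleIdentity, findSampleUser, false)); // create: unverified, trust off
console.log(decideLink(sampleIdentity, findSampleUser, true));  // link to user_google_1
```

With the fixture above the email is recovered from preferred_username, so the connector has something to match on, but it is unverified: with the trust switch off the safe outcome is still a separate account (the behaviour the issue reports), and only with the switch on does the login attach to the Google-created user. Swapping in an ID token that carries email plus email_verified: true links without needing the switch.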
