
GitHub App and SSO - works but no user created

Open madchap opened this issue 11 months ago • 5 comments

Self-Hosted Version

24.12.1

CPU Architecture

x86_64

Docker Version

kubernetes-sentry

Docker Compose Version

kubernetes-sentry

Machine Specification

  • [x] My system meets the minimum system requirements of Sentry

Steps to Reproduce

Hi,

I have set up the GitHub App as per the documentation, and while I can authenticate through GitHub, it does not create any user and falls back to the initial admin user created (which is the only one I currently have). I do have the setting "Allow Registration" set to "Enabled".

I have not found any other clues as to what else to configure. There are no error logs that I can find either.

Note: My GitHub user has 4 different email addresses, and the 1 email linked to the GitHub organization is not the primary email.

Expected Result

I am guessing I should see a new user being created per the Sentry setting, with the default role configured.

I am happy to provide any information I can. I am not sure where to look anymore.

Actual Result

These are the logs from the web when authenticating through GitHub:

11:04:19 [INFO] sentry.access.api: api.access (method='POST' view='sentry.web.frontend.auth_organization_login.AuthOrganizationLoginView' response=302 user_id='None' is_app='None' token_type='None' is_frontend_request='True' organization_id='None' auth_id='None' path='/auth/login/example/' caller_ip='84.222.22.222' user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.06760215759277344 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:27 [INFO] sentry.access.api: api.access (method='GET' view='sentry.web.frontend.home.HomeView' response=302 user_id='None' is_app='None' token_type='None' is_frontend_request='False' organization_id='None' auth_id='None' path='/' caller_ip='10.10.49.117' user_agent='ELB-HealthChecker/2.0' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.001734018325805664 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:27 [INFO] sentry.access.api: api.access (method='GET' view='sentry.web.frontend.home.HomeView' response=302 user_id='None' is_app='None' token_type='None' is_frontend_request='False' organization_id='None' auth_id='None' path='/' caller_ip='10.10.48.192' user_agent='ELB-HealthChecker/2.0' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.0017175674438476562 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:27 [INFO] sentry.access.api: api.access (method='GET' view='sentry.web.frontend.home.HomeView' response=302 user_id='None' is_app='None' token_type='None' is_frontend_request='False' organization_id='None' auth_id='None' path='/' caller_ip='10.10.50.248' user_agent='ELB-HealthChecker/2.0' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.0020084381103515625 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:30 [INFO] sentry.superuser: superuser.needs-validation (DISABLE_SU_FORM_U2F_CHECK_FOR_LOCAL=False self_hosted=True)
11:04:30 [INFO] sentry.superuser: superuser.logged-in (ip_address='84.222.22.222' user_id=1)
11:04:30 [INFO] sentry.auth: user.auth.success (ip_address='84.222.22.222' username='[email protected]' organization_id=1)
11:04:30 [INFO] sentry.access.api: api.access (method='GET' view='sentry.web.frontend.auth_provider_login.AuthProviderLoginView' response=302 user_id='1' is_app='None' token_type='None' is_frontend_request='True' organization_id='None' auth_id='None' path='/auth/sso/' caller_ip='84.222.22.222' user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.9965147972106934 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:30 [INFO] sentry.superuser: superuser.request (url='https://sentry.aws.example.tech/' method='GET' ip_address='84.222.22.222' user_id=1)
11:04:30 [INFO] sentry.access.api: api.access (method='GET' view='sentry.web.frontend.home.HomeView' response=302 user_id='1' is_app='False' token_type='None' is_frontend_request='True' organization_id='None' auth_id='None' path='/' caller_ip='84.222.22.222' user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.0645298957824707 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:30 [INFO] sentry.superuser: superuser.request (url='https://sentry.aws.example.tech/organizations/example/issues/' method='GET' ip_address='84.222.22.222' user_id=1)
11:04:30 [INFO] sentry.superuser: superuser.superuser_access (superuser_token_id='L0Gvx30L2mZW' user_id=1 su_org_accessed='example')
11:04:30 [INFO] sentry.access.api: api.access (method='GET' view='sentry.web.frontend.react_page.ReactPageView' response=200 user_id='1' is_app='False' token_type='None' is_frontend_request='True' organization_id='1' auth_id='None' path='/organizations/example/issues/' caller_ip='84.222.22.222' user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.1524794101715088 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:30 [INFO] sentry.superuser: superuser.request (url='https://sentry.aws.example.tech/api/0/organizations/example/?detailed=0&include_feature_flags=1' method='GET' ip_address='84.222.22.222' user_id=1)
11:04:30 [INFO] sentry.superuser: superuser.request (url='https://sentry.aws.example.tech/api/0/organizations/example/teams/' method='GET' ip_address='84.222.22.222' user_id=1)
11:04:31 [INFO] sentry.superuser: superuser.request (url='https://sentry.aws.example.tech/api/0/organizations/example/projects/?all_projects=1&collapse=latestDeploys&collapse=unusedFeatures' method='GET' ip_address='84.222.22.222' user_id=1)
11:04:31 [INFO] sentry.superuser: superuser.superuser_access (superuser_token_id='L0Gvx30L2mZW' user_id=1 su_org_accessed='example')
11:04:31 [INFO] sentry.access.api: api.access (method='GET' view='sentry.api.endpoints.organization_teams.OrganizationTeamsEndpoint' response=200 user_id='1' is_app='False' token_type='None' is_frontend_request='True' organization_id='1' auth_id='None' path='/api/0/organizations/example/teams/' caller_ip='84.222.22.222' user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.12647390365600586 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:31 [INFO] sentry.superuser: superuser.superuser_access (superuser_token_id='L0Gvx30L2mZW' user_id=1 su_org_accessed='example')
11:04:31 [INFO] sentry.access.api: api.access (method='GET' view='sentry.api.endpoints.organization_projects.OrganizationProjectsEndpoint' response=200 user_id='1' is_app='False' token_type='None' is_frontend_request='True' organization_id='1' auth_id='None' path='/api/0/organizations/example/projects/' caller_ip='84.222.22.222' user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.13736248016357422 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:31 [INFO] sentry.access.api: api.access (method='GET' view='sentry.api.endpoints.organization_details.OrganizationDetailsEndpoint' response=200 user_id='1' is_app='False' token_type='None' is_frontend_request='True' organization_id='1' auth_id='None' path='/api/0/organizations/example/' caller_ip='84.222.22.222' user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.20233154296875 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:31 [INFO] sentry.superuser: superuser.request (url='https://sentry.aws.example.tech/api/0/internal/health/' method='GET' ip_address='84.222.22.222' user_id=1)
11:04:31 [INFO] sentry.superuser: superuser.request (url='https://sentry.aws.example.tech/api/0/organizations/?member=1' method='GET' ip_address='84.222.22.222' user_id=1)
11:04:31 [INFO] sentry.superuser: superuser.request (url='https://sentry.aws.example.tech/api/0/assistant/' method='GET' ip_address='84.222.22.222' user_id=1)
11:04:31 [INFO] sentry.access.api: api.access (method='GET' view='sentry.api.endpoints.assistant.AssistantEndpoint' response=200 user_id='1' is_app='False' token_type='None' is_frontend_request='True' organization_id='None' auth_id='None' path='/api/0/assistant/' caller_ip='84.222.22.222' user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.08217215538024902 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:31 [INFO] sentry.superuser: superuser.request (url='https://sentry.aws.example.tech/api/0/organizations/example/broadcasts/' method='GET' ip_address='84.222.22.222' user_id=1)
11:04:31 [INFO] sentry.superuser: superuser.request (url='https://sentry.aws.example.tech/api/0/organizations/example/users/' method='GET' ip_address='84.222.22.222' user_id=1)
11:04:31 [INFO] sentry.access.api: api.access (method='GET' view='sentry.api.endpoints.organization_index.OrganizationIndexEndpoint' response=200 user_id='1' is_app='False' token_type='None' is_frontend_request='True' organization_id='None' auth_id='None' path='/api/0/organizations/' caller_ip='84.222.22.222' user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.1268167495727539 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:31 [INFO] sentry.superuser: superuser.request (url='https://sentry.aws.example.tech/api/0/organizations/example/searches/' method='GET' ip_address='84.222.22.222' user_id=1)
11:04:31 [INFO] sentry.access.api: api.access (method='GET' view='sentry.api.endpoints.broadcast_index.BroadcastIndexEndpoint' response=200 user_id='1' is_app='False' token_type='None' is_frontend_request='True' organization_id='1' auth_id='None' path='/api/0/organizations/example/broadcasts/' caller_ip='84.222.22.222' user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.11749601364135742 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:31 [INFO] sentry.superuser: superuser.superuser_access (superuser_token_id='L0Gvx30L2mZW' user_id=1 su_org_accessed='example')
11:04:31 [INFO] sentry.superuser: superuser.superuser_access (superuser_token_id='L0Gvx30L2mZW' user_id=1 su_org_accessed='example')
11:04:31 [INFO] sentry.access.api: api.access (method='GET' view='sentry.api.endpoints.organization_users.OrganizationUsersEndpoint' response=200 user_id='1' is_app='False' token_type='None' is_frontend_request='True' organization_id='1' auth_id='None' path='/api/0/organizations/example/users/' caller_ip='84.222.22.222' user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.1308748722076416 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:31 [INFO] sentry.access.api: api.access (method='GET' view='sentry.issues.endpoints.organization_searches.OrganizationSearchesEndpoint' response=200 user_id='1' is_app='False' token_type='None' is_frontend_request='True' organization_id='1' auth_id='None' path='/api/0/organizations/example/searches/' caller_ip='84.222.22.222' user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.09141373634338379 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:31 [INFO] sentry.superuser: superuser.request (url='https://sentry.aws.example.tech/api/0/organizations/example/tags/?dataset=events&statsPeriod=14d&useCache=1' method='GET' ip_address='84.222.22.222' user_id=1)
11:04:31 [INFO] sentry.superuser: superuser.request (url='https://sentry.aws.example.tech/api/0/organizations/example/issues/?collapse=stats&collapse=unhandled&expand=owners&expand=inbox&limit=25&query=is%3Aunresolved%20issue.priority%3A%5Bhigh%2C%20medium%5D&savedSearch=1&shortIdLookup=1&statsPeriod=14d' method='GET' ip_address='84.222.22.222' user_id=1)
11:04:31 [INFO] sentry.superuser: superuser.request (url='https://sentry.aws.example.tech/api/0/organizations/example/tags/?dataset=search_issues&statsPeriod=14d&useCache=1' method='GET' ip_address='84.222.22.222' user_id=1)
11:04:31 [INFO] sentry.superuser: superuser.request (url='https://sentry.aws.example.tech/api/0/organizations/example/recent-searches/?limit=10&type=0' method='GET' ip_address='84.222.22.222' user_id=1)
11:04:31 [INFO] sentry.superuser: superuser.superuser_access (superuser_token_id='L0Gvx30L2mZW' user_id=1 su_org_accessed='example')
11:04:31 [INFO] sentry.access.api: api.access (method='GET' view='sentry.api.endpoints.organization_recent_searches.OrganizationRecentSearchesEndpoint' response=200 user_id='1' is_app='False' token_type='None' is_frontend_request='True' organization_id='1' auth_id='None' path='/api/0/organizations/example/recent-searches/' caller_ip='84.222.22.222' user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.10781335830688477 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:31 [INFO] sentry.superuser: superuser.superuser_access (superuser_token_id='L0Gvx30L2mZW' user_id=1 su_org_accessed='example')
11:04:31 [INFO] sentry.access.api: api.access (method='GET' view='sentry.api.endpoints.organization_tags.OrganizationTagsEndpoint' response=200 user_id='1' is_app='False' token_type='None' is_frontend_request='True' organization_id='1' auth_id='None' path='/api/0/organizations/example/tags/' caller_ip='84.222.22.222' user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.12346291542053223 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:31 [INFO] sentry.superuser: superuser.superuser_access (superuser_token_id='L0Gvx30L2mZW' user_id=1 su_org_accessed='example')
11:04:31 [INFO] sentry.access.api: api.access (method='GET' view='sentry.api.endpoints.organization_tags.OrganizationTagsEndpoint' response=200 user_id='1' is_app='False' token_type='None' is_frontend_request='True' organization_id='1' auth_id='None' path='/api/0/organizations/example/tags/' caller_ip='84.222.22.222' user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.13645601272583008 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:31 [INFO] sentry.superuser: superuser.superuser_access (superuser_token_id='L0Gvx30L2mZW' user_id=1 su_org_accessed='example')
11:04:31 [INFO] sentry.access.api: api.access (method='GET' view='sentry.issues.endpoints.organization_group_index.OrganizationGroupIndexEndpoint' response=200 user_id='1' is_app='False' token_type='None' is_frontend_request='True' organization_id='1' auth_id='None' path='/api/0/organizations/example/issues/' caller_ip='84.222.22.222' user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.315828800201416 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:31 [INFO] sentry.superuser: superuser.request (url='https://sentry.aws.example.tech/api/0/organizations/example/issues-count/?query=is%3Aunresolved%20is%3Afor_review%20assigned_or_suggested%3A%5Bme%2C%20my_teams%2C%20none%5D&query=is%3Aregressed&query=is%3Aescalating&query=is%3Aarchived&query=is%3Areprocessing&statsPeriod=14d' method='GET' ip_address='84.222.22.222' user_id=1)
11:04:31 [INFO] sentry.superuser: superuser.request (url='https://sentry.aws.example.tech/api/0/organizations/example/issues-stats/?groups=11&groups=7&groups=8&groups=6&groups=4&groups=1&query=is%3Aunresolved%20issue.priority%3A%5Bhigh%2C%20medium%5D&statsPeriod=14d' method='GET' ip_address='84.222.22.222' user_id=1)
11:04:32 [INFO] sentry.superuser: superuser.superuser_access (superuser_token_id='L0Gvx30L2mZW' user_id=1 su_org_accessed='example')
11:04:32 [INFO] sentry.superuser: superuser.superuser_access (superuser_token_id='L0Gvx30L2mZW' user_id=1 su_org_accessed='example')
11:04:32 [INFO] sentry.access.api: api.access (method='GET' view='sentry.issues.endpoints.organization_group_index_stats.OrganizationGroupIndexStatsEndpoint' response=200 user_id='1' is_app='False' token_type='None' is_frontend_request='True' organization_id='1' auth_id='None' path='/api/0/organizations/example/issues-stats/' caller_ip='84.222.22.222' user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.2826714515686035 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:32 [INFO] sentry.access.api: api.access (method='GET' view='sentry.api.endpoints.organization_issues_count.OrganizationIssuesCountEndpoint' response=200 user_id='1' is_app='False' token_type='None' is_frontend_request='True' organization_id='1' auth_id='None' path='/api/0/organizations/example/issues-count/' caller_ip='84.222.22.222' user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.2825124263763428 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:42 [INFO] sentry.access.api: api.access (method='GET' view='sentry.web.frontend.home.HomeView' response=302 user_id='None' is_app='None' token_type='None' is_frontend_request='False' organization_id='None' auth_id='None' path='/' caller_ip='10.10.49.117' user_agent='ELB-HealthChecker/2.0' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.0017850399017333984 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:42 [INFO] sentry.access.api: api.access (method='GET' view='sentry.web.frontend.home.HomeView' response=302 user_id='None' is_app='None' token_type='None' is_frontend_request='False' organization_id='None' auth_id='None' path='/' caller_ip='10.10.48.192' user_agent='ELB-HealthChecker/2.0' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.002397298812866211 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')
11:04:42 [INFO] sentry.access.api: api.access (method='GET' view='sentry.web.frontend.home.HomeView' response=302 user_id='None' is_app='None' token_type='None' is_frontend_request='False' organization_id='None' auth_id='None' path='/' caller_ip='10.10.50.248' user_agent='ELB-HealthChecker/2.0' rate_limited='False' rate_limit_category='None' request_duration_seconds=0.0020012855529785156 rate_limit_type='DNE' concurrent_limit='None' concurrent_requests='None' reset_time='None' group='None' limit='None' remaining='None')

Event ID

No response

madchap, Dec 31 '24 11:12
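Added example, not part of the original issue and not Sentry code: a log check for the symptom reported above, where a login that goes through the SSO views ends in a `superuser.logged-in` event for the same client IP. The sample lines are constructed in the log format shown in the issue (fields trimmed, documentation IP ranges, a made-up username), and the function name and 30-second correlation window are assumptions.

```python
import re

# Constructed sample lines, modelled on the format in the issue (not real data).
SAMPLE_LOG = """\
11:04:19 [INFO] sentry.access.api: api.access (method='POST' view='sentry.web.frontend.auth_organization_login.AuthOrganizationLoginView' response=302 user_id='None' path='/auth/login/example/' caller_ip='203.0.113.10' user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)')
11:04:27 [INFO] sentry.access.api: api.access (method='GET' view='sentry.web.frontend.home.HomeView' response=302 user_id='None' path='/' caller_ip='10.0.0.5' user_agent='ELB-HealthChecker/2.0')
11:04:30 [INFO] sentry.superuser: superuser.logged-in (ip_address='203.0.113.10' user_id=1)
11:04:30 [INFO] sentry.auth: user.auth.success (ip_address='203.0.113.10' username='admin@example.test' organization_id=1)
11:04:30 [INFO] sentry.access.api: api.access (method='GET' view='sentry.web.frontend.auth_provider_login.AuthProviderLoginView' response=302 user_id='1' path='/auth/sso/' caller_ip='203.0.113.10' user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)')
11:20:02 [INFO] sentry.superuser: superuser.logged-in (ip_address='198.51.100.7' user_id=1)
"""

# "HH:MM:SS [LEVEL] logger: event (key='value' key=value ...)"
LINE_RE = re.compile(r"^(\d\d):(\d\d):(\d\d) \[\w+\] ([\w.]+): ([\w.-]+) \((.*)\)$")
# Values are either single-quoted (may contain spaces and parentheses) or bare.
FIELD_RE = re.compile(r"(\w+)=(?:'([^']*)'|(\S+))")
SSO_VIEWS = ("AuthOrganizationLoginView", "AuthProviderLoginView")


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    hh, mm, ss, logger, event, body = m.groups()
    fields = {k: (q if q else b) for k, q, b in FIELD_RE.findall(body)}
    return {
        "time": f"{hh}:{mm}:{ss}",
        "secs": int(hh) * 3600 + int(mm) * 60 + int(ss),
        "logger": logger,
        "event": event,
        "fields": fields,
    }


def find_sso_superuser_logins(text, window=30):
    """Flag superuser logins that occur within `window` seconds of an SSO
    view request from the same client IP."""
    events = [e for e in map(parse_line, text.splitlines()) if e]
    sso_hits = {}      # ip -> [seconds of SSO view requests]
    auth_success = {}  # ip -> [(seconds, username)]
    for e in events:
        f = e["fields"]
        if e["event"] == "api.access" and f.get("view", "").endswith(SSO_VIEWS):
            sso_hits.setdefault(f.get("caller_ip"), []).append(e["secs"])
        elif e["event"] == "user.auth.success":
            auth_success.setdefault(f.get("ip_address"), []).append(
                (e["secs"], f.get("username"))
            )

    findings = []
    for e in events:
        if e["event"] != "superuser.logged-in":
            continue
        ip = e["fields"].get("ip_address")
        if not any(abs(e["secs"] - t) <= window for t in sso_hits.get(ip, [])):
            continue  # superuser login without a nearby SSO request: not this symptom
        username = next(
            (u for t, u in auth_success.get(ip, []) if abs(e["secs"] - t) <= window),
            None,
        )
        findings.append({
            "time": e["time"],
            "ip": ip,
            "user_id": e["fields"].get("user_id"),
            "username": username,
        })
    return findings


if __name__ == "__main__":
    for finding in find_sso_superuser_logins(SAMPLE_LOG):
        print("SSO login resolved to a superuser session:", finding)
```

A hit means an SSO round trip ended in a superuser session; whether that is expected depends on who was logging in, so compare the reported `user_id` against the identity that authenticated at the provider.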

I disabled the GH auth and created a user with the expected email address and re-enabled. The same issue applies, and the login takes me to the initial admin user.

I then re-disabled, and put 2FA on my user. Then re-enabled GH auth. Now, I can't log in :) It prompts me for 2FA even though it's asking to log in with GitHub. Once I put in my 2FA code, it takes me back to "Login with GitHub".

--> Enabling GH auth does not disable 2FA, contrary to what the web page says. Now on to see how I can log in again.

madchap, Dec 31 '24 13:12

Hello @cathteng, can you take a look at this?

aldy505, Dec 31 '24 15:12

I am not sure at this point if what I am seeing in another try is correct, but here it is:

  1. Make my GH email public and select the one I expect to use as part of my GH org (I have 4 of them)
     • Note that I would not think this matters, the permissions of the GitHub app can see the emails.
  2. Disable GH SSO
  3. Manually create a user with the expected email in Sentry (defeating the purpose, but this is for testing)
     • I purposefully put a different "name" as a label
     • Step 1 does not help in creating a user in Sentry.
  4. Re-enable GH SSO
  5. Open incognito window and log in with GH (which is now the only choice anyways)

It now puts me under the right user. However, my "name" (i.e. the label) has changed and the organization avatar picture is gone too. Reverting back (disabling GH auth and using local user) does not recover the "old name" or the logo either. (The logo may be a Kubernetes thing.)

I also noticed that deleting a user in Sentry does not really delete it. So re-trying with the same email address may not reflect accurately any tests being done.

madchap, Dec 31 '24 16:12

We're encountering the same but with Azure AD SSO. It looks like Sentry is using the SSO credentials used to configure the initial SSO connection and maps them on the admin user.

Example:

  • There's an initial admin user present on Sentry: '[email protected]'
  • There's my personal Azure AD account: '[email protected]'. I use this account to perform the Sentry configuration steps of AzureAD SSO.

I'm logged in on Sentry via '[email protected]'. Then I enter the SSO details at $domain/organizations/sentry/auth/configure/ and I get the Azure AD authentication popup. Here I authenticate as my personal user [email protected]. The SSO configuration succeeds and is saved.

When I now start an incognito browser session and want to log in to Sentry via SSO as '[email protected]', I'm logged in as [email protected]. There's no presence whatsoever of my personal user account [email protected].

This flow was tested multiple times on v25.2.0.

I can't believe this is expected behaviour as I've never seen it before in any other app we've bound to Azure AD. Could this be a bug?

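Edit: I was able to work around this by adjusting identity entries in the sentry_authidentity table. You can delete the first user (in my case this was the user used for setting up SSO). Then re-login using that user account. A secondary object will be created and you can recorrect it via the user ids. Not sure what the long-term impact is, but I think it's pretty safe 😄

-- List users and SSO identity rows to find the ids involved.
select * from auth_user;
select * from sentry_authidentity;
-- Delete the first identity row (in the poster's case, the one created during SSO setup).
delete from sentry_authidentity where id=1;
-- Re-point identity rows at the intended users. The ids are the ones
-- from the poster's database; use the ids returned by the selects above.
update sentry_authidentity set user_id=3 where id=1;
update sentry_authidentity set user_id=1 where id=1;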

thomasmeeus, Mar 11 '25 12:03

Thanks a lot @thomasmeeus, I had the same issue with a fresh install with Sentry 24.8.0.

Your workaround fixed it.

cpatry-poly, Mar 19 '25 19:03