Display modal before changing username

[t-aleksander]

Given the following scenario:

1. User uses DG for authentication in a service A using OIDC.
2. User sings in using DG to service A. A profile in service A gets created based on the user's login.
3. User then changed his login in DG.
4. User signs in using DG to service A again. Since the login changed a NEW profile gets created. User loses access to his old profile in service A.

Is it possible to allow the user to change his login and still access the existing profile in service A?

[t-aleksander]

The user identifier used for the OpenID login should be unique and immutable. Currently, we are using the user's username as the identifier. This is an issue since the username can be changed. Changing the identifier to something else (other than the username) would break existing end user's integrations, so the only way to fix this at this point is to make the username field immutable.

[teon]

@t-aleksander the only way we should handle this type of a scenario is:

• if we detect changing a username/login we need to display a modal with the following text:

<bold>Warning!</bold>

Changing your username/login has a signigicant impact on services that you have logged into using defguard as well as external OIDC providers.
After changing your login name you may loose access to applications (since they will not recognise you) or if your instance uses an external SSO (eg. Google/Microsoft) you may loose access to defguard itself.

Are you sure you want to proceed?

[Proceed] [Cancel]

[teon]

@t-aleksander the modal should be displayed:

• after the username in the form was acually changed
• after hitting "Save" - before actual save.
• then if someone hit's CANCEL - we get back to the form editing...