nextcloud-oidc-login

FR: notification/documentation on oidc_login_disable_registration

Open r2evans opened this issue 3 years ago • 1 comments

Up front, my thanks and accolades for this working plugin!

Related to #14 and my recent comment.

I know that the oidc_login_disable_registration behavior is mentioned in the readme. I believe that the mistake I made (and @buekera) is easy to make: the authentication appears to go well, but it does not gain entry into nextcloud. The issue is the concept/ramifications of "registration". I wholly agree that the default behavior is reasonable and the smart thing to do.

I have two suggestions (requests):

  1. Improve the documentation to include some ramifications:

    -    // Disable creation of new users from OIDC login
    +    // Disable creation of users new to Nextcloud from OIDC login.
    +    // A user may be known to the IdP but not (yet) known to Nextcloud.
    +    // This setting controls what to do in this case.
    +    // - 'true' (default): if the user authenticates to the IdP but is not known to Nextcloud,
    +    //     then they will be returned to the login screen and not allowed entry;
    +    // - 'false': if the user authenticates but is not yet known to Nextcloud,
    +    //     then the user will be automatically created; note that with this setting,
    +    //     you will be allowing (or relying on) a third-party (the IdP) to create new users
         'oidc_login_disable_registration' => true,
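
Review bot: the two added bullet lines write the values as quoted strings ('true', 'false'), while the context line sets the option to a bare PHP boolean (=> true). A reader who copies the quoted form gets a non-empty string, and PHP treats the string 'false' as truthy, so I would write the values unquoted as true and false. The 'true' bullet also says the user is "returned to the login screen", whereas the maintainer's reply says an error is thrown in that case, so the wording should be checked against the actual behaviour before it goes into the README. Finally, the last added line is missing its closing period, and it could say outright that with false every identity the IdP authenticates receives a Nextcloud account.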
    
  2. Is there a way to mention this either in the logs or in the interface? Perhaps something referencing either "user creation", "registration", or something to indicate that this configuration stopped the user experience.

r2evans, Jan 09 '21 20:01

Sorry for being unresponsive.

We are actually throwing a relevant error, so it should show up when the user does not exist in NC db. Did this error not show up for you? That may be worth investigation. https://github.com/pulsejet/nextcloud-oidc-login/blob/fbedcd4ed18d73493e9265c96e4b4e7323010cfd/lib/Controller/LoginController.php#L201

But I agree this can be a bit confusing. Can you make a PR with the README change mentioned above?

pulsejet, Feb 10 '21 09:02