Description
- Gitea version (or commit ref): 1.14.3, binary release
- Database (use [x]):
  - PostgreSQL
  - MySQL
  - MSSQL
  - SQLite
- Can you reproduce the bug at https://try.gitea.io:
  - Yes (provide example URL)
  - No (--> there is no OpenID logon button)
Description
Hi,
Thanks for the great software!
I integrated Gitea with Keycloak via OpenID - it works smoothly! There is one small flaw I am noticing however: whilst the user is prohibited from changing their email address in their profile after signing up (which is perfect, as there should be no email-address inconsistencies across services hooked up to the SSO), they ARE given the option to set their email address at their first logon to Gitea.
It'd be fantastic if this could be prohibited / "greyed out" by an administrative option, in order for the user not getting tempted to modify the email address that is set in their SSO backend.
This would benefit environments which rely on consistent user profile data across services.
Screenshots
Best
Georg
Edit: I just realized that the same is the case with the username, for which the user is told "Non-local users are not allowed to change their username. Please contact your site administrator for more details." in the profile (which is perfect), whilst they were able to define their own Gitea username upon their first OIDC authentication to Gitea. Maybe the whole "Register new account" section could be administratively set to force username and email address values, with the "Link to an existing account" section only allowing to link to an account matching the email address?
Apologies for the long description - I hope it makes sense.