OICD Keep also local login #654

New Issue

Open

opened 2026-02-04 20:42:50 +03:00 by OVERLORD · 2 comments

OVERLORD commented 2026-02-04 20:42:50 +03:00

Owner

Copy Link

Originally created by @matteovisotto on GitHub (Feb 12, 2025).

Is this a feature for the backend or frontend?

Frontend, Backend

What would you like?

Hi,
It would be great is SSO users and local user could use both auth methods. I mean, If I create a user using SSO then I also would like to set a password to login locally if the IdP is offline. On the other hand a user created locally with a password should also authenticate via SSO if the email match.

Why is this needed?

Better authentication

Other information

No response

Originally created by @matteovisotto on GitHub (Feb 12, 2025). ### Is this a feature for the backend or frontend? Frontend, Backend ### What would you like? Hi, It would be great is SSO users and local user could use both auth methods. I mean, If I create a user using SSO then I also would like to set a password to login locally if the IdP is offline. On the other hand a user created locally with a password should also authenticate via SSO if the email match. ### Why is this needed? Better authentication ### Other information _No response_

OVERLORD added the enhancement label 2026-02-04 20:42:50 +03:00

OVERLORD commented 2026-02-04 20:42:54 +03:00

Author

Owner

Copy Link

@meltyshev commented on GitHub (Feb 13, 2025):

Hi! I’ve thought about this too but haven’t figured out the best way to handle it. Currently, the handshake with the OIDC provider is performed only at application startup, and if the provider doesn’t respond, the default login form appears. However, this doesn’t seem like the right approach since the provider can become unavailable at any time. I’ll try to come up with a solution, or maybe someone else has some ideas.

@meltyshev commented on GitHub (Feb 13, 2025): Hi! I’ve thought about this too but haven’t figured out the best way to handle it. Currently, the handshake with the OIDC provider is performed only at application startup, and if the provider doesn’t respond, the default login form appears. However, this doesn’t seem like the right approach since the provider can become unavailable at any time. I’ll try to come up with a solution, or maybe someone else has some ideas.

OVERLORD commented 2026-02-04 20:42:57 +03:00

Author

Owner

Copy Link

@matteovisotto commented on GitHub (Feb 13, 2025):

In my configuration the login form appears with the SSO button to login with the IdP. The problem is the follow:
I create a local user with email and password. When I login using the IdP (which returns the same email address) the user property is_sso in the database is set to true, loosing the local login.
It should just authenticate the user without updating the database record, keeping the local account, but accessing also with the IdP.
In the same way, a user created via IdP should be able to set a password to login locally.

@matteovisotto commented on GitHub (Feb 13, 2025): In my configuration the login form appears with the SSO button to login with the IdP. The problem is the follow: I create a local user with email and password. When I login using the IdP (which returns the same email address) the user property is_sso in the database is set to true, loosing the local login. It should just authenticate the user without updating the database record, keeping the local account, but accessing also with the IdP. In the same way, a user created via IdP should be able to set a password to login locally.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

gh-pages

dependabot/npm_and_yarn/multi-795903f3f3

dependabot/npm_and_yarn/server/multi-60f2582fdd

dependabot/npm_and_yarn/client/qs-6.14.2

dependabot/npm_and_yarn/client/markdown-it-14.1.1

v2.0.2

planka-2.0.2

v2.0.1

planka-2.0.1

v2.0.0

planka-2.0.0

planka-1.1.2

planka-1.1.1

planka-1.1.0

planka-1.0.5

planka-1.0.4

v2.0.0-rc.4

v1.26.3

planka-0.2.26

planka-1.0.3

planka-1.0.2

v2.0.0-rc.3

planka-1.0.1

planka-1.0.0

v2.0.0-rc.2

planka-0.2.25

v1.26.2

v1.26.1

planka-0.2.24

v1.26.0

planka-0.2.23

v1.25.1

planka-0.2.22

v1.25.0

planka-0.2.21

v1.24.4

planka-0.2.20

v1.24.3

planka-0.2.19

planka-0.2.18

v1.24.2

planka-0.2.17

planka-0.2.16

v1.24.1

planka-0.2.15

v1.24.0

planka-0.2.14

v1.23.5

v1.23.4

planka-0.2.13

planka-0.2.12

v1.23.3

planka-0.2.11

v1.23.2

planka-0.2.10

v1.23.1

planka-0.2.9

v1.23.0

v1.22.0

planka-0.2.8

Labels

Clear labels

bug

bug

documentation

documentation

duplicate

enhancement

good first issue

help wanted

pull-request

Mirrored from GitHub Pull Request

question

wontfix

No Label enhancement

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/planka#654