[keycloak-dev] Can't login with email as username if another user has same email

Stian Thorgersen sthorger at redhat.com
Fri Nov 10 01:13:52 EST 2017


If user#1 has the username 'user@host.com' with no email, and user#2 has
the email 'user@host.com', user#1 would not be able to login.

In this case user#1 would have to contact the admin who would have to
change the username or add an email.

This issue was reported a while back by our QE [1], but AFAIK no actual
users have run into this problem and it seems unlikely that it'll be a real
problem.

I'm leaning towards just closing this issue as won't fix.

Best ideas I have for solving this are:

1. Make sure username can't match email of another user. Not sure how we
could do this as I'm pretty sure that couldn't be done with SQL.

2. Add a code check for the above. It won't be guaranteed, but maybe
good enough?

3. Add option to set if realm should allow login by "Username and email",
"Username only" or "Email only". For the "Username and email" option we
should document the fact that this issue can happen and that email always
wins.

[1] https://issues.jboss.org/browse/KEYCLOAK-4466
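
The collision described in the message above, and a check in the spirit of option 2, as an added example that is not part of the original message and is not Keycloak code. The users table, the function names and the sample rows are assumptions made for illustration; lookups compare case-insensitively, which is also an assumption.

```python
import sqlite3

# Constructed sample rows mirroring the message: user 1 has the username
# 'user@host.com' and no email, user 2 has that address as email.
SAMPLE = [
    (1, "user@host.com", None),
    (2, "alice", "user@host.com"),
    (3, "bob", "bob@host.com"),
]

def make_db(rows):
    """Build a hypothetical, simplified user table (not Keycloak's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
                 "username TEXT UNIQUE NOT NULL, email TEXT UNIQUE)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", rows)
    return conn

def find_for_login(conn, identifier):
    """Model of 'Username and email' login where the email match wins."""
    ident = identifier.lower()
    row = conn.execute("SELECT id FROM users WHERE lower(email) = ?",
                       (ident,)).fetchone()
    if row is None:
        row = conn.execute("SELECT id FROM users WHERE lower(username) = ?",
                           (ident,)).fetchone()
    return row[0] if row else None

def username_collides(conn, username, own_id=None):
    """Code check: is this username already another user's email?"""
    row = conn.execute(
        "SELECT id FROM users WHERE lower(email) = ? AND id IS NOT ?",
        (username.lower(), own_id)).fetchone()
    return row is not None

def audit_collisions(conn):
    """Return (shadowed_user_id, winning_user_id) pairs already stored."""
    return conn.execute(
        "SELECT a.id, b.id FROM users a JOIN users b "
        "ON lower(a.username) = lower(b.email) AND a.id <> b.id "
        "ORDER BY a.id").fetchall()

if __name__ == "__main__":
    db = make_db(SAMPLE)
    print("login 'user@host.com' resolves to user", find_for_login(db, "user@host.com"))
    print("existing collisions:", audit_collisions(db))
```

The check and the later write are separate statements, so two concurrent changes can still both pass it; an audit query like audit_collisions catches what slips through.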

