gotrue: Unable to signIn with OpenIDConnect when already signed Up with email and password
Bug report
Describe the bug
I am unable to link/sign in with OpenID using the same email as an account signed up with email and password.
When looking at supabase logs I see,
duplicate key value violates unique constraint "users_email_key"
To Reproduce
- I sign up with email and password and I then click the verification email. I verify that the row looks good in
auth.users. - I then create an account using OpenIDConnect. The error I get back is
GotrueError(message: Database error saving new user)
let response = await supabase.auth.signUp({
email: 'someone@email.com',
password: 'RQTFSUtvkVqRfzemYsPI'
})
let response = await supabase.auth.signIn({
oidc:{
id_token: 'valid_id_token',
nonce: 'valid_nonce',
provider: 'google'
}
})
They work separately, but they fail when called after each other.
Expected behavior
I expect that I can sign in with oidc when the email is the same as an account that has already same up with email and password.
About this issue
- Original URL
- State: open
- Created 2 years ago
- Reactions: 3
- Comments: 18 (8 by maintainers)
Hey everyone, the team and I discussed this at length. Here’s our conclusions:
Thus we decided to do the following:
@experimentalannotation. We’re going to be allocating some time to do this in the next 2 to 3 weeks.Feel free to let us know how you feel about this or if we should reconsider something. Thank you for your dedication so far!
Hey everyone! Here’s the PR: https://github.com/supabase/gotrue-js/pull/603
Sorry this took so incredibly long!
Hey, this was maybe prematurely communicated. We’ll discuss with the team tomorrow and give an update. You’re right about supporting existing use cases.
@hf: It is now almost the end of January and I would like to politely ask if you have made any progress in the matter? Is there anything we can do to support you? 😃
@megacherry Hey not yet since we’ve been busy preparing stuff for Launch Week 6. https://supabase.com/launch-week
We’re going to start planning our next steps in January and this (OIDC support) is high up on our list.
I will actually be very upset if the endpoint to support oidc is removed. I and many others have spent a lot of time to support OIDC. It’s required for native auth and I really hope we get clarification on what’s happening. @hf @kangmingtay
I think adding OIDC in v2 is important. Especially for google one tap login
Exactly. It seems like not much thought may have gone into the decision to remove OIDC. There’s also not that many bugs that exist. Adding OIDC was a long process but we’re slowly getting there. Most things are fixed and all that’s left is a little bug fixing. PLEASE don’t remove code for this.
Forgive my ignorance, but if OIDC is removed what happens to users who’ve created their account using Apple/Google auth? How will they sign in to the app if they can’t use their email and password? And, how will we do native sign-in?
Hey, due to issues with the quality of implementation for OIDC we’ve decided to stop supporting it and removed it from the v2 version of the client library all together.
It’s been a while, but if you could attach some logs from the failing operation we may be able to look into this issue further. Until then, I’ll close it.