OICD Keep also local login

[matteovisotto]

Is this a feature for the backend or frontend?

Frontend, Backend

What would you like?

Hi,
It would be great is SSO users and local user could use both auth methods. I mean, If I create a user using SSO then I also would like to set a password to login locally if the IdP is offline. On the other hand a user created locally with a password should also authenticate via SSO if the email match.

Why is this needed?

Better authentication

Other information

No response

[meltyshev]

Hi! I’ve thought about this too but haven’t figured out the best way to handle it. Currently, the handshake with the OIDC provider is performed only at application startup, and if the provider doesn’t respond, the default login form appears. However, this doesn’t seem like the right approach since the provider can become unavailable at any time. I’ll try to come up with a solution, or maybe someone else has some ideas.

[matteovisotto]

In my configuration the login form appears with the SSO button to login with the IdP. The problem is the follow:
I create a local user with email and password. When I login using the IdP (which returns the same email address) the user property is_sso in the database is set to true, loosing the local login.
It should just authenticate the user without updating the database record, keeping the local account, but accessing also with the IdP.
In the same way, a user created via IdP should be able to set a password to login locally.