Bug in OAuth2 First Login page not using prefilled username from OAuth2UserRecord

[poikilotherm]

While playing with our new Jülich DATA Beta service, I discovered that the username set in the authentication provider is never used in the first login form. This should be changed.

Digging into the code. I set the field during auth:

dataverse/src/main/java/edu/harvard/iq/dataverse/authorization/providers/oauth2/oidc/OIDCAuthProvider.java

Lines 189 to 194 in 7227c38

	OAuth2UserRecord getUserRecord(UserInfo userInfo) {
	return new OAuth2UserRecord(
	this.getId(),
	userInfo.getSubject().getValue(),
	userInfo.getPreferredUsername(),
	null,

But the view is simply requesting the username attribute, which is never set in OAuth2FirstLoginPage.init():

dataverse/src/main/webapp/oauth2/firstLogin.xhtml

Lines 43 to 46 in 7227c38

	<div class="col-sm-4">
	<p:inputText id="username" styleClass="form-control" value="#{OAuth2FirstLoginPage.username}" validator="#{OAuth2FirstLoginPage.validateUserName}"/>
	<p:message for="username" display="text"/>
	</div>

As always most of the time: happy to contribute. This looks like it was not left out on purpose, so dunno if we need a trigger for UI team or just go ahead and fix it.

[pdurbin]

@poikilotherm as always, thanks for the bug report! Please go ahead and try to fix it! Thanks! 😄

[espenfl]

Dear everyone. We also noticed this upon enabling OIDC for our organization. Would be nice to fill the user name as well. By the way, would @ in the user name be supported?

[pdurbin]

By the way, would @ in the user name be supported?

@espenfl you are welcome to open an issue about this. Here's the code we use: https://github.com/IQSS/dataverse/blob/v5.2/src/main/java/edu/harvard/iq/dataverse/UserNameValidator.java#L36

[pdurbin]

This issue should be easier to work on now that developers have a simple way to spin up Keycloak on their laptops:

• 9228 - add OIDC development setup for OIDC login feature testing #9234

By the way, @espenfl since I'm leaving a comment anyway, I'm not sure if you ever created a dedicated issue about supporting @ in usernames, but if you're still interested in this, please go ahead and create one (and please comment here with the issue number). Thanks.

[RemieJanssen]

We use a OIDC connection for auth in our Dataverse, and we are also interested in having the username prefilled.
(In fact, we would prefer to skip this 'first login' form altogether, and rely on the information from the OIDC connection)

I dug through the code some more and found this comment

dataverse/src/main/java/edu/harvard/iq/dataverse/authorization/providers/oauth2/OAuth2FirstLoginPage.java

Lines 295 to 300 in cf174b2

	public void setNewUser(OAuth2UserRecord newUser) {
	this.newUser = newUser;
	// uncomment to suggest username to user
	//setUsername(newUser.getUsername());
	setSelectedEmail(newUser.getDisplayInfo().getEmailAddress());
	}

I guess that the setNewUser method is still called from the following line, but I'm not so familiar with the code base yet...

dataverse/src/main/java/edu/harvard/iq/dataverse/authorization/providers/oauth2/OAuth2LoginBackingBean.java

Line 128 in cf174b2

newAccountPage.setNewUser(oauthUser);

This would suggest that uncommenting the line setUsername(newUser.getUsername()); might solve the problem. Looking at the blame, it seems @pdurbin has disabled this about 8 years ago. Do you recall why, and do you still stand by that?

[cmbz]

To focus on the most important features and bugs, we are closing issues created before 2020 (version 5.0) that are not new feature requests with the label 'Type: Feature'.

If you created this issue and you feel the team should revisit this decision, please reopen the issue and leave a comment.