Auth via Github forces new Lens ID to Github username, oblivious to collisions #8111

Open
emmanuel opened this issue Oct 17, 2024 · 3 comments
Labels
bug Something isn't working


emmanuel commented Oct 17, 2024

Describe the bug
Your implementation of "Login via Github" is broken. You force Github username to be used as Lens ID, but you don't handle collisions where a Github username collides with an existing Lens ID (e.g., mine).

To Reproduce

When attempting to use Lens, I am coerced to log in with a Lens ID. When I attempt to sign in via Github auth, I am told that a user account already exists, and I am presented with a single-button modal prompt:

User with username emmanuel already exists. [Link to Existing Account].

Screenshot 2024-10-17 at 12 20 24 PM

When I click Link to Existing Account, I am presented with a dialog indicating that sign in instructions have been sent via email.

Screenshot 2024-10-17 at 12 22 12 PM

No such instructions were sent. At least, not to my email address.

I can only assume that someone else has created a Lens ID that matches my Github username, and that the "Login via Github" flow naively assumes that Github username == Lens ID, when that is not enforced (possible to create a non-Github Lens ID that collides with/shadows an existing Github username) and therefore is clearly a faulty assumption.

Expected behavior
I expect the Lens ID system to have accounted for basic/fundamental issues like name collisions when handling identifiers from different namespaces (Github usernames vs Lens IDs).

More specifically, I expect the login flow to provide a route to create a non-colliding (unique) Lens ID using "Login via Github", even when the value of a Github username has already been claimed as a Lens ID.

Or better, don't assume it is safe to use a natural key/external identifier as a Lens ID (i.e., Github username). Instead, either 1) use something globally unique as the Lens ID (e.g., email address), or 2) use a synthetic identifier and avoid collisions.

Screenshots
See above, inline.

Environment (please complete the following information):
Lens ID account creation / login flow on the website

Logs:
n/a

Kubeconfig:
n/a

Additional context
n/a

@emmanuel emmanuel added the bug Something isn't working label Oct 17, 2024
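
An added example (not part of the original issue, and not Lens code) of the design the report asks for: accounts are keyed on a synthetic ID and on the pair of provider and the provider's stable user ID, while the external username only suggests a display handle. The class and function names, the `-2` suffix scheme and the sample values are assumptions made for illustration.

```python
import uuid
from dataclasses import dataclass, field


@dataclass
class Account:
    account_id: str   # synthetic primary key, never derived from any username
    handle: str       # unique display label; carries no authentication meaning
    identities: set = field(default_factory=set)   # {(provider, subject)}


class AccountStore:
    """Hypothetical in-memory store; a real one would use unique DB constraints."""

    def __init__(self):
        self.by_id = {}
        self.by_identity = {}   # (provider, subject) -> account_id
        self.by_handle = {}     # casefolded handle -> account_id

    def _free_handle(self, wanted):
        # Resolve a handle collision by suffixing instead of failing or merging.
        candidate, n = wanted, 1
        while candidate.casefold() in self.by_handle:
            n += 1
            candidate = f"{wanted}-{n}"
        return candidate

    def create(self, wanted_handle, identity):
        acct = Account(str(uuid.uuid4()), self._free_handle(wanted_handle), {identity})
        self.by_id[acct.account_id] = acct
        self.by_identity[identity] = acct.account_id
        self.by_handle[acct.handle.casefold()] = acct.account_id
        return acct

    def login_federated(self, provider, subject, username):
        # subject: the provider's stable user id (assumed immutable);
        # username: mutable, used only as a suggestion for the handle.
        acct_id = self.by_identity.get((provider, subject))
        if acct_id is not None:
            return self.by_id[acct_id], "existing"
        # A handle that equals the external username proves nothing about
        # ownership, so no existing account is linked or contacted here.
        return self.create(username, (provider, subject)), "created"


# Constructed sample data: a native account already holds the handle "emmanuel".
store = AccountStore()
native = store.create("emmanuel", ("local", "someone@example.test"))
github_user, outcome = store.login_federated("github", "1001", "emmanuel")
```

With this layout the colliding sign-in gets its own account and a distinct handle, and a later rename on the provider side still resolves to the same account because the lookup never uses the username.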
@clrothmann

Thank you for taking the time @emmanuel! We really appreciate it. The corresponding team is looking into it.

@clrothmann

We are currently in the process of revising the sign-up/sign-in flow. I’ll make sure to provide you with an update as soon as the changes go live. Your use case should then be fixed as well.

@emmanuel
Author

Thank you.

Sorry about the tone; I was directed to your product and excited to try it. I let my disappointment color my report more than needed.

I look forward to hearing more as changes arrive.
