[DFC Orders] Improve OIDC Error Handling #12987
Comments
I understand it like this:
I can't link both accounts to the same OIDC account. Is that correct? If I change the email on OFN can I link all these accounts to the same OIDC account or is the problem elsewhere?
PS: just a note on issues writing @RaggedStaff - as you are doing all the testing for this piece of work I understand you and Maikel are creating issues quickly and it's clear for you both. But if one day Maikel is sick or the OFN testing team needs to step in, we would need issues according to template, or at least with clear acceptance tests criteria. Happy to discuss this further on future budgets.
The OFN email address shouldn't matter. It's only a problem if you had multiple OIDC accounts with the same email address.
No, if you have two accounts on the same OFN server then you can't link them to the same OIDC account. Otherwise the API doesn't know which of the two user accounts you want to access. But in your example, you have two different servers and each of them has only one account linked to the same OIDC account. That works and we could use Lescommuns for single-sign-on.
The OFN email address shouldn't matter at all for OIDC here.
Estimate: 1 day.
ℹ️ Funded Feature. Please track ALL ASSOCIATED WORK under the associated tracking code
#11678 DFC Orders
Need to clean up OIDC processes to provide more meaningful error messaging - currently just returning 500 errors.
Agreed we will never support linking multiple OFN accounts to the same OIDC account (needs error handling/meaningful message)
I (@RaggedStaff) repeatedly get an error when attempting to link to my Keycloak realm admin account, other accounts work fine. Could this be due to duplication: I have a regular (non-producer/non-admin) OFN account with the same email, but not sure how that would impact? Can we pass more detail back from the Keycloak response to better understand this error?
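
The rule agreed in this thread (an OIDC account may be linked to only one user per server, and a refused link should return a meaningful message instead of a 500), as an added Ruby example that is not OFN code. All class and method names are hypothetical, the status codes are illustrative, and keying the link on the `iss`/`sub` claims is an assumption; `error` and `error_description` are the standard OAuth 2.0 error response fields.

```ruby
# Added illustration: hypothetical names, not taken from the OFN code base.
class OidcLinkError < StandardError
  attr_reader :status

  def initialize(message, status)
    super(message)
    @status = status
  end
end

# One instance models the OIDC links stored on a single server.
class OidcLinkStore
  def initialize
    @user_by_identity = {} # [issuer, subject] => local user id
  end

  # Link an OIDC identity to a local user; one user per identity per server.
  def link(user_id, issuer:, subject:)
    key = [issuer, subject]
    owner = @user_by_identity[key]
    if owner && owner != user_id
      raise OidcLinkError.new(
        "This OIDC account is already linked to another user on this server.", 409
      )
    end
    @user_by_identity[key] = user_id
  end

  # API lookup: an identity resolves to exactly one local user, or nil.
  def user_for(issuer:, subject:)
    @user_by_identity[[issuer, subject]]
  end
end

# Callback wrapper: every failure becomes a status plus a readable message
# instead of an unhandled exception that surfaces as a bare 500.
def handle_link(store, user_id, params)
  if params["error"] # provider-side failure: pass its detail through
    detail = params["error_description"] || "no description given"
    return { status: 502, message: "Identity provider error #{params['error']}: #{detail}" }
  end
  if params["sub"].to_s.empty?
    return { status: 502, message: "Identity provider response had no subject." }
  end
  store.link(user_id, issuer: params["iss"], subject: params["sub"])
  { status: 200, message: "Account linked." }
rescue OidcLinkError => e
  { status: e.status, message: e.message }
end
```
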