[
https://issues.apache.org/jira/browse/OAK-11984?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18029720#comment-18029720
]
Nicola Scendoni commented on OAK-11984:
---------------------------------------
PR: [https://github.com/apache/jackrabbit-oak/pull/2581]
[~angela] Thanks for helping with this patch.
> Support UserId Change for External Users
> ----------------------------------------
>
> Key: OAK-11984
> URL: https://issues.apache.org/jira/browse/OAK-11984
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: auth-external
> Reporter: Nicola Scendoni
> Priority: Major
>
> In a typical setup with external users, Oak stores the *UserId* as both the
> {{principalName}} and the {{authorizableId}} of the user. The internal
> identifier of the user in the external Identity Provider (IdP) is stored in
> the property {{rep:externalId}}, containing the IdP name as a suffix.
> When a user changes his UserId in the external IdP, Oak currently attempts to
> create a new user entry. However, this operation fails because another user
> already exists with the same {{rep:externalId}} value.
> The proposed patch addresses this issue by reusing the existing user entry in
> the repository if a user with the same rep:externalId is found. This ensures
> that changes to the UserId in the external IdP are properly reflected in Oak
> without causing duplication or conflicts.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
