Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add a custom google backend for sso #27082

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

zlwaterfield
Copy link
Contributor

@zlwaterfield zlwaterfield commented Dec 19, 2024

Changes

Our current system stores google-oauth2 uids as emails which makes it so if a customer changes their domain in GSuite, none of their users can login because it's looking against the old email domain. This PR updates our system to use the OpenID sub, which is guaranteed to be a unique and consistent identifier for the user.

It inherits from the existing class so all other functions will fall to the inheritance.

It's implemented in a way that it has backwards compatibility for existing users and slowly migrates them as they login. Over time this custom class could be removed and it be updated to use the default social core get_user_id and setting the settings.USE_UNIQUE_USER_ID = True option.

Here is the social core method: https://github.com/python-social-auth/social-core/blob/master/social_core/backends/google.py#L12-L20

👉 Stay up-to-date with PostHog coding conventions for a smoother review.

Does this work well for both Cloud and self-hosted?

Yes

How did you test this code?

Add light tests manually tested:

  • existing user with email as uid
  • existing user with sub as uid
  • new user

@zlwaterfield zlwaterfield self-assigned this Dec 19, 2024
Copy link
Contributor

@patricio-posthog patricio-posthog left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. Thanks for this change, Zach!

Copy link
Contributor

@benjackwhite benjackwhite left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. Obviously a little risky change but the code seems solid.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants