Problem/Motivation

I have a site that is about to start using OpenID Connect with a custom provider. This site already uses IP Login to allow users from a few other departments to use the site in a 'logged in' manner without having to do anything. After this update these users will be able to login with OpenID Connect without first manually logging out of the site.

When they successfully login OpenID Connect (specifically openid_connect_complete_authorization()) throws a RuntimeException as the user has been logged in early via IP Login.

While my issue is triggered by IP Login I can see others having similar issues with other authentication modules hence making OpenID Connect a little more friendly with these systems.

Proposed resolution

Allow the admin to optionally ignore the RuntimeException on the admin form.

User interface changes

The admin page for OpenID Connect has a new checkbox. The label is "Override existing logged in user" and the description is "Some modules, like IP Login, allow for login to an account based on some criteria. This allows those users to still be able to login as another account."

API changes

None.

Data model changes

None.

CommentFileSizeAuthor
#2 optionally_ignore_User_already_logged_in_RuntimeException-3033966-2.patch1.44 KBgold

Comments

Gold created an issue. See original summary.

gold’s picture

gold
they/them
Location 20 minutes in the future
commented
Status: Active » Needs review
StatusFileSize
new optionally_ignore_User_already_logged_in_RuntimeException-3033966-2.patch1.44 KB

...and the patch.