Generalise email sync to multi-provider profile sync
Description
Generalise the recently added email-sync feature (!11268 (merged)) to a profile sync from multiple providers.
While the current email-sync from a single provider is great when the administrator has configured a single provider, it seems less useful for when the admin allows their users to sign in from multiple providers, as only a subset of users will then benefit from the sync.
Generalising this keeps a user's profile updated from the identity provider of their choosing, irrespective of the administrator's configuration.
Proposal
- To sync a user's profile, not just their email address.
- To sync from all configured providers, not just a single one.
Suggestion on how to implement this:
- To introduce a new option named `sync_profile_from_provider` and make its value support:
  - A string: Sync from just this provider (this gives backward compatibility).
  - A list: Sync from this set of providers.
  - True: Sync from all configured providers.
  - False/nil: Disable sync.
- To make the existing `sync_email_from_provider` an alias of the new option, for backward compatibility.
- To add a new option `sync_profile_claims_from_provider=["name", "email", "location", "twitter", ...]` to specify what claims to sync. The option defaults to `["email"]` for backward compatibility. And it could be set to `true` to indicate: Sync any claim that the provider supports (which could be the most common use case?).
It would be interesting to know how many users actually have more than one provider attached to their account, as it might be confusing if the profile is being updated from different providers. However, even in that case I do not expect a user to alternate login methods on a regular basis, and the above still gives an admin the power to limit syncing to a single provider in case this is a problem for them.
Links / references
- !11268 (merged): Sync email address from specified omniauth provider.
Documentation blurb
Overview
Use cases
- An administrator has a single provider configured, and would like user profiles (not just email) to be synced from it.
- An administrator has multiple providers configured, and would like to sync user profiles from the provider of a user's choosing. This is based on the assumption that most (if not all) users will just have one provider connected to their account.
Feature checklist
Make sure these are completed before closing the issue, with a link to the relevant commit.
- Feature assurance
- Documentation
- Added to features.yml
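
The option semantics proposed above, written out as an added example that is not part of the original issue or of GitLab's code. The module and method names are hypothetical, and two behaviours are assumptions: the new option takes precedence over the legacy alias when both are set, and only providers the administrator has configured are ever synced from.

```ruby
# Added illustration; ProfileSyncPolicy and its methods are hypothetical names.
module ProfileSyncPolicy
  DEFAULT_CLAIMS = ['email'].freeze # proposed default, for backward compatibility

  module_function

  # Read the proposed option; fall back to the legacy sync_email_from_provider
  # alias only when the new key is absent (assumed precedence).
  def provider_setting(config)
    return config['sync_profile_from_provider'] if config.key?('sync_profile_from_provider')

    config['sync_email_from_provider']
  end

  # String: that provider only. Array: that set. true: all configured. false/nil: off.
  def sync_from?(config, provider, configured_providers)
    return false unless configured_providers.include?(provider)

    case (setting = provider_setting(config))
    when true then true
    when String then setting == provider
    when Array then setting.map(&:to_s).include?(provider)
    else false
    end
  end

  # Claim names to copy: the configured list, or every supplied claim when true.
  def claims_to_sync(config, provider_claims)
    wanted = config.fetch('sync_profile_claims_from_provider', DEFAULT_CLAIMS)
    wanted = provider_claims.keys if wanted == true
    Array(wanted).map(&:to_s) & provider_claims.keys
  end

  # Attribute updates for one sign-in; {} when sync does not apply.
  # Blank values are dropped so a provider cannot erase an existing field.
  def updates_for(config, provider, configured_providers, provider_claims)
    return {} unless sync_from?(config, provider, configured_providers)

    claims = provider_claims.transform_keys(&:to_s)
    claims_to_sync(config, claims)
      .to_h { |name| [name, claims[name]] }
      .reject { |_, value| value.nil? || value.to_s.empty? }
  end
end
```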