Auth0 creates new account when GitHub mail changes

(rugk) #1

Hi, I am actually @rugkx (and, for that matter, rugk, rugkme)…

Here is what happened:

  1. For @rugkx I’ve used the GitHub login, because I do not have many choices. (I’ve complained about that stuff before, but well… there is was only subjectively broken. Now I have a real problem.)
  2. However, it did not wanted me to login and redirected (reloaded) the site or GitHub 4-5 times…
  3. Afterwards, it presented me with a new user regsitration.

The reason: I’ve changed my (commit) mail on GitHub!

Wtf? Now I cannot login with my old account anymore (unless I change the mail back, I guess.)

This is obviously a broken behaviour, because:

  1. I should totally be allowed to change my mail on GitHub to whatever I like without affecting this *** login.
  2. I have several mails set. Obviously it did not even use the public mail (visible in my profile), but my one for doing git commits! (I even have a different mail for notifications and
  3. I cannot change the mail in the user registration form.
    I am seriously offended that I cannot use a different mail here than on GitHub. I usually want to separate mails (via + prefix) and this destroys it all…
    Edit: Seems I can change my mail in the options, but obviously not to the mail of another user. (Also nice, email enumeration is possible here… #vulnerability)

Can you somehow help me? Merge my profiles?

0 Likes

(Leo McArdle) #2

Thanks for the report, we’re tracking this bug here:

To help with your issue right now though, we can do two things:

  1. You can use passwordless, google or firefox accounts to log into the original email on your original account (which is now possible)

  2. Merge your accounts and update the address on your original account to the new GitHub email - you’ll still be able to log in with passwordless, google or firefox accounts if any of them are set up with that new email.

0 Likes

(rugk) #3

Yes, I would prefer the second thing. So can you merge the accounts please?

0 Likes

(Leo McArdle) #4

Sure, it’s done. Let me know if you have any further problems.

1 Like

(rugk) #5

Ah very thanks for that. :smiley:

2 Likes

(rugk) #6

@leo Another problem: You also switched Mozillians to Auth0, as it seems.

I am now also locked out there… same problem… :sob:

Can you somehow give me access to
https://mozillians.org/de/u/rugk/?

Wait, somehow this account is now deleted or what… wtf are you doing here? (I am quite sure it was available under the URL, and already filled with info, see my profile on Discourse here)

This whole Auth0 thing just constantly creates problems, worsens security and is absolutely inconvenient
Even a separate login on any site would be better than constantly losing access to my accounts and automatic deletions, as it seems…

0 Likes

IAM for Bugzilla
Allow usual mail+password login
Mozilla’s identity and access management (IAM) initiatives
(rugk) #7

So I’ve now continued that “sign-up” form there, and now I have an empty profile again… wtf…

Can you somehow restore my old profile? (It had all infos filled in, was linked to GitHub AFAIK)

0 Likes

(rugk) #8

Also reported as an Auth0 bug now:

(You don’t know how happy I am that Bugzilla still uses a sane login method.)

0 Likes

(Henrik Mitsch) #9

I responded on the bug. Thanks for linking it here.

-Henrik

0 Likes

(Leo McArdle) closed #10
0 Likes