wlinna
wlinna10mo ago

How to use email address as the username with IDPs

This is both a question and a report of a potential bug. I have added Google login as one login option for an organization. The problem with this is that the email is not included as a part of the username, and this can lead to name collisions. To solve this (and for some other reasons), I want to force the user's email domain as part of their username. So instead of creating alice, I would prefer alice@gmail.com (or whatever their email address is) to be used. Here is the part that I consider buggy: I also tried using actions, but setting email as a preferred user name does not work. Email IS there, but setPreferredUsername somehow erases (or the registration field) everything from @ forward. alice@gmail.com becomes alice. However, if I set it as first name, I see the full email as a first name. Notice that I have Add organization domain as suffix to loginnames enabled (and I need it). This action demonstrates the problem with actions: 
function emailAsUsername(ctx, api) {
  logger.log('SETTING USER EMAIL AS USERNAME');
  api.setFirstName(ctx.v1.externalUser.human.email) // first name will be alice@gmail.com
  api.setPreferredUsername(ctx.v1.externalUser.human.email) // email will be 'alice" + the organization suffix
}
function emailAsUsername(ctx, api) {
  logger.log('SETTING USER EMAIL AS USERNAME');
  api.setFirstName(ctx.v1.externalUser.human.email) // first name will be alice@gmail.com
  api.setPreferredUsername(ctx.v1.externalUser.human.email) // email will be 'alice" + the organization suffix
}
I use Zitadel v2.58.2 with Postgres
1 Reply
wlinna
wlinnaOP10mo ago
I get what I want if I call it like this: 
  const username = ctx.v1.externalUser.human.email + '@' + ctx.v1.authRequest.requestedPrimaryDomain;
  api.setPreferredUsername(username);
  const username = ctx.v1.externalUser.human.email + '@' + ctx.v1.authRequest.requestedPrimaryDomain;
  api.setPreferredUsername(username);
So basically I have to add the primary domain to prevent the stripping of the email domain from the username

Did you find this page helpful?