Topic on Extension talk:OpenID Connect

Switching providers leads to duplicated users

Summary by Cindy.cicalese

If you switch providers, the old user accounts will not be usurped unless you clear the openid_connect table in the database.

Simon Stier (talk | contribs)

Switching the OIDC provider to a new one providing the same preferred_username and email leads to duplicated users even if $wgOpenIDConnect_MigrateUsersByEmail = true;

The solution for me was to delete all entries in the database table 'openid_connect'.

Cindy.cicalese (talk | contribs)

That makes sense. Migration only occurs when there is not yet an entry for the user in the openid_connect table. It was initially intended for migrating from another form of authentication to OpenID Connect, not between OpenID Connect providers. Your solution seems like the best one in this case. The alternative could be too broad a condition for usurping accounts, leading to potentially undesirable or unsafe migrations.
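Added example, not part of the thread and not the extension's code: a simplified Python/sqlite3 model of the rule described above (migrate by email only when the matching account has no openid_connect row yet), showing why a provider switch creates a second account and why removing the old rows lets the existing account be reused. The table layout, column names, issuer URLs and the `login`/`demo` functions are assumptions made for this model; with a single old provider, deleting its rows is the same as emptying the table.

```python
import sqlite3

OLD, NEW = "https://old-idp.example", "https://new-idp.example"  # constructed issuers

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE user (user_id INTEGER PRIMARY KEY, user_name TEXT, user_email TEXT);
        CREATE TABLE openid_connect (oidc_user INTEGER, oidc_subject TEXT, oidc_issuer TEXT);
    """)  # assumed, simplified schema
    return db

def login(db, issuer, subject, username, email, migrate_by_email=True):
    """Return the wiki user_id that this OIDC login maps to (model only)."""
    row = db.execute(
        "SELECT oidc_user FROM openid_connect WHERE oidc_issuer=? AND oidc_subject=?",
        (issuer, subject)).fetchone()
    if row:                      # identity already linked: reuse that account
        return row[0]
    if migrate_by_email:
        # Rule from the thread: only accounts with no openid_connect row are migrated.
        row = db.execute(
            "SELECT user_id FROM user WHERE user_email=? "
            "AND user_id NOT IN (SELECT oidc_user FROM openid_connect)",
            (email,)).fetchone()
        if row:
            db.execute("INSERT INTO openid_connect VALUES (?,?,?)", (row[0], subject, issuer))
            return row[0]
    # No link and no eligible account: a new (duplicate) user is created.
    cur = db.execute("INSERT INTO user (user_name, user_email) VALUES (?,?)", (username, email))
    db.execute("INSERT INTO openid_connect VALUES (?,?,?)", (cur.lastrowid, subject, issuer))
    return cur.lastrowid

def demo(clear_old_rows):
    """Log in via the old provider, optionally drop its rows, log in via the new one."""
    db = make_db()
    first = login(db, OLD, "sub-old-1", "Alice", "alice@example.org")
    if clear_old_rows:
        db.execute("DELETE FROM openid_connect WHERE oidc_issuer=?", (OLD,))
    second = login(db, NEW, "sub-new-1", "Alice", "alice@example.org")
    users = db.execute("SELECT COUNT(*) FROM user").fetchone()[0]
    return first, second, users

if __name__ == "__main__":
    print("rows kept:   ", demo(False))
    print("rows cleared:", demo(True))
```
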