Content
Updated by Markus Kahl 9 days ago
### Steps to reproduce
1. In OpenProject <= 16.1, configure an OpenProject plugin, which uses `register_auth_providers`, such as [openproject-auth\_cas](https://github.com/oliverguenther/openproject-auth_cas/blob/dev/lib/open_project/auth_cas/engine.rb)
2. Update to OpenProject 16.2
3. Try logging in using that auth provider
### What is the buggy behavior?
* When returning from the auth provider (IdP) (to /auth/:provider/callback), you get a 404 page not found error in a flash message
### What is the expected behavior?
* The login should work
**OpenProject version**
_v16.2.0_
### Remarks
* the 404 error is caused [here](https://github.com/opf/openproject/blob/release/16.2/app/services/user_auth_provider_links_setter.rb#L49)
* but even without that the login would not work as we need to store what was formerly the identity\_url in the join table between users and auth providers (user\_auth\_provider\_links)
* possible way around this:
* when a plugin calls `register_auth_providers`, automatically create an `AuthProvider` record in the database
* however this block is a lambda, meaning hypothetically providers can change arbitrarily, and exist or not exist accordingly on a per-request basis
1. In OpenProject <= 16.1, configure an OpenProject plugin, which uses `register_auth_providers`, such as [openproject-auth\_cas](https://github.com/oliverguenther/openproject-auth_cas/blob/dev/lib/open_project/auth_cas/engine.rb)
2. Update to OpenProject 16.2
3. Try logging in using that auth provider
### What is the buggy behavior?
* When returning from the auth provider (IdP) (to /auth/:provider/callback), you get a 404 page not found error in a flash message
### What is the expected behavior?
* The login should work
**OpenProject version**
_v16.2.0_
### Remarks
* the 404 error is caused [here](https://github.com/opf/openproject/blob/release/16.2/app/services/user_auth_provider_links_setter.rb#L49)
* but even without that the login would not work as we need to store what was formerly the identity\_url in the join table between users and auth providers (user\_auth\_provider\_links)
* possible way around this:
* when a plugin calls `register_auth_providers`, automatically create an `AuthProvider` record in the database
* however this block is a lambda, meaning hypothetically providers can change arbitrarily, and exist or not exist accordingly on a per-request basis