starred/bambuddy

Fork 0

mirror of https://github.com/maziggy/bambuddy.git synced 2026-05-09 05:35:30 +02:00

[GH-ISSUE #1173] [Bug]: SSO/OIDC Account creation behavior #848

New issue

Open

opened 2026-05-06 12:33:23 +02:00 by BreizhHardware · 5 comments

BreizhHardware commented

2026-05-06 12:33:23 +02:00

Owner

Originally created by @G4mm3l on GitHub (Apr 30, 2026).
Original GitHub issue: https://github.com/maziggy/bambuddy/issues/1173

Originally assigned to: @netscout2001 on GitHub.

Component

Bambuddy

Bug Description

I was able to successfully integrate the OIDC connection via Authentik. However, I noticed that when Bambuddy creates an account for a user who does not yet exist, it assigns an ID as the name rather than username which comes from the IdP. The new user is automatically assigned to the “Viewers” group. Changing the permissions is only possible once an email address has also been added.

It might make sense to use the attributes from the IdP, such as preferred_username and email, and store the OIDC ID separately.

Expected Behavior

New Account creation listed with username and email with groups synced to their group-permissions

Steps to Reproduce

Go to oidc config
set Auto-create users to true
login with new user which isn't registered on bambuddy

Printer Model

None

Bambuddy Version

v0.2.3.2

SpoolBuddy Version

No response

Printer Firmware Version

No response

Installation Method

Docker

Operating System

Linux (Ubuntu/Debian)

Relevant Logs / Support Package

No response

Screenshots

No response

Additional Context

No response

Checklist

I have searched existing issues to ensure this bug hasn't already been reported
I am using the latest version of Bambuddy
My printer is set to LAN Only mode
My printer has Developer Mode enabled

Originally created by @G4mm3l on GitHub (Apr 30, 2026). Original GitHub issue: https://github.com/maziggy/bambuddy/issues/1173 Originally assigned to: @netscout2001 on GitHub. ### Component Bambuddy ### Bug Description I was able to successfully integrate the OIDC connection via Authentik. However, I noticed that when Bambuddy creates an account for a user who does not yet exist, it assigns an ID as the name rather than username which comes from the IdP. The new user is automatically assigned to the “Viewers” group. Changing the permissions is only possible once an email address has also been added. It might make sense to use the attributes from the IdP, such as preferred_username and email, and store the OIDC ID separately. ### Expected Behavior New Account creation listed with username and email with groups synced to their group-permissions ### Steps to Reproduce 1. Go to oidc config 2. set Auto-create users to true 3. login with new user which isn't registered on bambuddy ### Printer Model None ### Bambuddy Version v0.2.3.2 ### SpoolBuddy Version _No response_ ### Printer Firmware Version _No response_ ### Installation Method Docker ### Operating System Linux (Ubuntu/Debian) ### Relevant Logs / Support Package _No response_ ### Screenshots _No response_ ### Additional Context _No response_ ### Checklist - [x] I have searched existing issues to ensure this bug hasn't already been reported - [x] I am using the latest version of Bambuddy - [x] My printer is set to LAN Only mode - [x] My printer has Developer Mode enabled

BreizhHardware added the

contrib

bug

labels

2026-05-06 12:33:23 +02:00

BreizhHardware commented

2026-05-06 12:33:23 +02:00

Author

Owner

@cadtoolbox commented on GitHub (Apr 30, 2026):

This bug is applicable for the Azure Entra ID method as well, but we also don't have auto-create accounts enabled so it was a non-issue.

@cadtoolbox commented on GitHub (Apr 30, 2026): This bug is applicable for the Azure Entra ID method as well, but we also don't have auto-create accounts enabled so it was a non-issue.

BreizhHardware commented

2026-05-06 12:33:23 +02:00

Author

Owner

@netscout2001 commented on GitHub (Apr 30, 2026):

This bug is applicable for the Azure Entra ID method as well, but we also don't have auto-create accounts enabled so it was a non-issue.

Thanks for the heads-up! The fix covers Azure Entra ID through the same code path.

@netscout2001 commented on GitHub (Apr 30, 2026): > This bug is applicable for the Azure Entra ID method as well, but we also don't have auto-create accounts enabled so it was a non-issue. Thanks for the heads-up! The fix covers Azure Entra ID through the same code path.

BreizhHardware commented

2026-05-06 12:33:23 +02:00

Author

Owner

@netscout2001 commented on GitHub (May 1, 2026):

@G4mm3l

Can you provide more information as requested in the pull request #1176?

@netscout2001 commented on GitHub (May 1, 2026): @G4mm3l Can you provide more information as requested in the pull request #1176?

BreizhHardware commented

2026-05-06 12:33:23 +02:00

Author

Owner

@G4mm3l commented on GitHub (May 1, 2026):

Hey there @netscout2001, big thanks for enhancing this topic!
Regarding question 3 saving changes in the UI on OIDC created accounts i've had these behaviour:

the account gets created with ID:

Now it is impossible to save group-settings, because the email form is empty.
If i do any changes to the checkboxes, the save-button stays disabled.

If i write something to the form, the button is clickable now

I thought it should be a good way also to set the email address that comes from the IdP as well because of possible email-notifications through bambuddy.
It also would be a nice feature to sync users to their groups automatically if the groupname is also present in bambuddy, when the group claim is used.

I also discovered, that if i manually delete an existing oidc account in bambuddy, it is also possible to log in again via IdP but the user isnt created again on userlist. But i'm still testing this behaviour and would report a new issue regarding this.

@G4mm3l commented on GitHub (May 1, 2026): Hey there @netscout2001, big thanks for enhancing this topic! Regarding question 3 saving changes in the UI on OIDC created accounts i've had these behaviour: 1. the account gets created with ID: <img width="449" height="657" alt="Image" src="https://github.com/user-attachments/assets/2b3c68ea-44ac-4c33-a2cd-b8af45da0a1c" /> Now it is impossible to save group-settings, because the email form is empty. 2. If i do any changes to the checkboxes, the save-button stays disabled. <img width="425" height="261" alt="Image" src="https://github.com/user-attachments/assets/41f1ebd4-b089-44a8-8382-acc31f76d910" /> 3. If i write something to the form, the button is clickable now <img width="423" height="515" alt="Image" src="https://github.com/user-attachments/assets/fcce11d2-d51d-4ada-a654-325caf75a25a" /> I thought it should be a good way also to set the email address that comes from the IdP as well because of possible email-notifications through bambuddy. It also would be a nice feature to sync users to their groups automatically if the groupname is also present in bambuddy, when the group claim is used. I also discovered, that if i manually delete an existing oidc account in bambuddy, it is also possible to log in again via IdP but the user isnt created again on userlist. But i'm still testing this behaviour and would report a new issue regarding this.

BreizhHardware commented

2026-05-06 12:33:24 +02:00

Author

Owner

@netscout2001 commented on GitHub (May 2, 2026):

Thread 1 & 2 is adressed here: https://github.com/maziggy/bambuddy/pull/1176
Thread 3 is out of scope for this PR: Neither the maintainer nor the contributor can reproduce this on current dev. The UsersPage edit modal disables password-reset/email controls but not groups or permissions, and email is optional in the schema. Dropped from this PR's scope — reduced to "needs reporter repro" in https://github.com/maziggy/bambuddy/issues/1173 for a separate follow-up if concrete steps surface.

@netscout2001 commented on GitHub (May 2, 2026): Thread 1 & 2 is adressed here: https://github.com/maziggy/bambuddy/pull/1176 Thread 3 is out of scope for this PR: Neither the maintainer nor the contributor can reproduce this on current dev. The UsersPage edit modal disables password-reset/email controls but not groups or permissions, and email is optional in the schema. Dropped from this PR's scope — reduced to "needs reporter repro" in https://github.com/maziggy/bambuddy/issues/1173 for a separate follow-up if concrete steps surface.