Invite by email and OpenID Connect

Hi! :slight_smile:

I’m running a self-hosted GitLab 14.8.x and I have an external OpenID Connect Identity Provider configured for authentication. Works fine, so far :slight_smile:

I want the project owners to be able to invite new users to their projects. Those new users have existing accounts in my OIDC IdP, but might have never logged in to GitLab, so there is no local GitLab account. Now, we use the “invite by email” feature for these new users. The user receives the invitation mail for a project, clicks on the link, signs in with their OIDC credentials, is redirected to the project and … gets a 404 error :frowning:

From what I can see:

  • the invitation is still pending (in the membership settings of the project)
  • a local GitLab account has been created when the user logged in with their OIDC credentials
  • the permissions for the project the user has been invited to are not granted to the account

I can make it work if the account is created locally in GitLab before the invitation and I then invite the account, not just an email address. But creating accounts manually misses the point why I’m using an external IdP altogether. And it does not scale well :grimacing:

Did I overlook something? Am I holding it wrong?

I found this issue: "404 when an invited user to a project clicks link in the invitation email and logs in" (#324000, GitLab.org / GitLab), which looks like the same symptom, but it has been closed because of inactivity.