@@ -366,17 +366,36 @@ def sync_user_from_keycloak(
366366 logger .error ("Missing required user information from Keycloak" )
367367 return None
368368
369- # Get or create the user
370- user , created = User .objects .update_or_create (
371- keycloak_id = keycloak_id ,
372- defaults = {
373- "username" : username ,
374- "email" : email ,
375- "first_name" : user_info .get ("given_name" , "" ),
376- "last_name" : user_info .get ("family_name" , "" ),
377- "is_active" : True ,
378- },
379- )
369+ # First, try to find user by keycloak_id
370+ user = User .objects .filter (keycloak_id = keycloak_id ).first ()
371+
372+ if not user and email :
373+ # If not found by keycloak_id, check if user exists with same email
374+ # and update their keycloak_id (handles pre-existing users)
375+ user = User .objects .filter (email = email ).first ()
376+ if user :
377+ logger .info (
378+ f"Found existing user with email { email } { keycloak_id }
379+ )
380+
381+ if user :
382+ # Update existing user
383+ user .keycloak_id = keycloak_id
384+ user .username = username
385+ user .email = email
386+ user .first_name = user_info .get ("given_name" , "" ) or user .first_name
387+ user .last_name = user_info .get ("family_name" , "" ) or user .last_name
388+ user .is_active = True
389+ else :
390+ # Create new user
391+ user = User (
392+ keycloak_id = keycloak_id ,
393+ username = username ,
394+ email = email ,
395+ first_name = user_info .get ("given_name" , "" ),
396+ last_name = user_info .get ("family_name" , "" ),
397+ is_active = True ,
398+ )
380399
381400 # Update user roles based on Keycloak roles
382401 if "admin" in roles :
0 commit comments