OAuth2 + “Disallow User Registration” prevents new users from being created via external IdP #5648
Description
Pre-submission Checklist
- I have searched the existing issues and this bug has not been reported yet
- I have tested this issue on the demo site or the latest version
Where did you encounter this bug?
Latest stable version (self-hosted)
Memos Version
v0.26.1
Bug Description
When OAuth2 authentication is configured and the “Disallow user registration” setting is enabled, new users authenticating through an external Identity Provider (IdP) are not created in the system.
This results in successful authentication at the IdP level but failure to provision a corresponding local user account.
Steps to Reproduce
- Configure OAuth2 with an external IdP.
- Enable “Disallow user registration” in system settings.
- Attempt login with a user that:
- Exists in the external IdP
- Does NOT yet exist in the local system
- Observe login behavior.
Expected Behavior
One of the following:
- Option A: External IdP users should still be auto-provisioned even if local registration is disabled.
- Option B: System should clearly document that external user provisioning is blocked when registration is disabled.
- Option C: Provide a separate toggle for:
- Local user self-registration
- External IdP auto-provisioning
Screenshots & Additional Context
No response