Skip to content

fix(web): Add AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING#849

Merged
brendan-kellam merged 5 commits intomainfrom
bkellam/fix-SOU-354
Feb 4, 2026
Merged

fix(web): Add AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING#849
brendan-kellam merged 5 commits intomainfrom
bkellam/fix-SOU-354

Conversation

@brendan-kellam
Copy link
Contributor

@brendan-kellam brendan-kellam commented Feb 3, 2026
edited by coderabbitai bot
Loading

Adds the boolean env var AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING (default: false) that, when enabled, will automatically link accounts with the same email address.

Summary by CodeRabbit

  • New Features

    • Enterprise Edition: Added automatic linking of SSO accounts with matching email addresses.

  • Documentation

    • Added enterprise configuration documentation for the email account linking feature.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Feb 3, 2026
edited
Loading

Caution

Review failed

The pull request is closed.

Walkthrough

Adds a new enterprise environment variable AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING (default false) to enable automatic linking of SSO accounts that share the same email. Updates include changelog, docs, server env schema, and propagation of the flag into SSO provider initializers (including a consolidated Authentik provider export).

Changes

Cohort / File(s) Summary
Changelog & Docs
CHANGELOG.md, docs/docs/configuration/environment-variables.mdx		 Added an "Added" changelog entry and documentation for AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING describing default false and automatic SSO account linking behavior.
Environment Schema
packages/shared/src/env.server.ts		 Added AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING to the server env schema as a boolean with default 'false' and descriptive text.
SSO Providers
packages/web/src/ee/features/sso/sso.ts		 Read env.AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING and pass an allowDangerousEmailAccountLinking flag into multiple provider initializers; introduced a single exported createAuthentikProvider(...); renamed a createGCPIAPProvider authorize parameter to _credentials.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch bkellam/fix-SOU-354

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@brendan-kellam brendan-kellam changed the title fix(web): Fix SOU-354 fix(web): Add AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING Feb 4, 2026
@brendan-kellam brendan-kellam marked this pull request as ready for review February 4, 2026 01:20
@github-actions

This comment has been minimized.

Sign in to view
@claude
Copy link

claude bot commented Feb 4, 2026

Code review

No issues found. Checked for bugs and CLAUDE.md compliance.

1 similar comment
@claude
Copy link

claude bot commented Feb 4, 2026

Code review

No issues found. Checked for bugs and CLAUDE.md compliance.

@brendan-kellam brendan-kellam merged commit 61659f9 into main Feb 4, 2026
9 checks passed
@brendan-kellam brendan-kellam deleted the bkellam/fix-SOU-354 branch February 4, 2026 01:25
@github-actions github-actions bot mentioned this pull request Feb 4, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@brendan-kellam