Dicsonnected identities between Renku and Gitlab

[olevski]

When a user creates a renku account then they get a gitlab account automatically. We setup the renku gitlab in a way that should make it really hard to make an account there without having a renku account.

But this can happen and if the user has a Gitlab account but no renku account then they can still make the renku account with the same email as gitlab. And when they do this they cannot log into Renku and they see the screenshot below.

This scenario can occur if a user registers directly to Gitlab and then makes a renku account with the same email. Please not that the error will probably not show up the first time around - but after the first logout. So when you try to login the 2nd time you will not be able to.

To reproduce this do the following:

• log into renku with emailA
• go to gitlab to a private project, and add a member to this project with emailB - you have to make sure this user that you are adding does not already exist and that you get Gitlab to send an invitation to the emailB
• Check emailB inbox, you will get a registration link for gitlab
• Register the account with emailB on gitlab (do not use the renku option at the bottom of the form, just create the username and password in the form
• Create a renku account with the same credentials (i.e. emailB) as what you did for gitlab above
• Log out of both renku and gitlab
• Try to log back into renku with emailB - this will now fail

To fix this you have to find the user in the Gitlab admin console, go to the Identities tab of the user page and add a New identitiy with the Renku login (oauth2_generic) provider and for the identifier you should add the keycloak user ID of the account the user created in renku. From this point on the 2 accounts are link (as they should be) and everything will work.