Alexander Klimetschek created OAK-5304: ------------------------------------------
Summary: DefaultSyncContext.sync(ExternalIdentity) does not verify same identity provider Key: OAK-5304 URL: https://issues.apache.org/jira/browse/OAK-5304 Project: Jackrabbit Oak Issue Type: Bug Components: auth-external Affects Versions: 1.4.11, 1.5.15 Reporter: Alexander Klimetschek Since OAK-4224, the external IDP should be verified to be the same, but {{DefaultSyncContext.sync(ExternalIdentity)}} doesn't do that, as it only looks at {{ExternalIdentityRef.getProviderName()}}, but never at the {{rep:externalId}} of the (existing) authorizable. Assume there is * a user with the authorizable id "frank" * a {{rep:externalId}} with provider "alpha" or no such property (because locally created) * a sync {{context}} using provider "beta" Calling by id: {code:java} context.sync("frank") => result has Status.FOREIGN {code} Calling by ref: {code:java} ExternalIdentity externalId = ... // externalId.getId() => "frank" // externalId.getExternalId().getProviderName() => "beta" context.sync(externalId) => result has Status.UPDATE {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)