It's currently possible to disable registration for an auth provider, but not possible to disable login.
Installs may reasonably want to allow linking to a provider like Asana, but require login through a narrower subset of providers (e.g., Google) -- for example, because Google has mandatory MFA but Asana does not.
It should be straightforward to support this, there was just no product motivation to implement it originally because there weren't any integration-focused use cases yet.
| Restricted Differential Revision | Restricted Diffusion Commit | ||
| rP Phabricator | |||
| D14794 | rPc4df4f62decd Allow login to be disabled for authentication providers | ||
| D14794 | rP6c4c93a091fa Allow login to be disabled for authentication providers | ||
| Status | Assigned | Task | ||
|---|---|---|---|---|
| Resolved | epriestley | T7441 Support OAuth providers in the cluster | ||
| Resolved | epriestley | T9997 Allow login to be disabled for an authentication provider |
This was easier than I thought and now in HEAD. Should go out Saturday unless churn related to T9905 makes me uneasy about promoting to stable -- I'm currently feeling good about promoting, but still have three full days to mangle master.