Stashing an invitation ID before redirecting to SSO

[alexanderjulmer]

Hi,

I am using the SAML integration (without auto-signup) and I am facing the following problem: Users can start their signup flow from an invitation which is actually a dormant user account. When the user completes their signup, I need to make sure that instead of creating a new account, the dormant account is connected to the social account.

To achieve this, I would like to stash and restore the invitation's ID so that's available when the signup form is submitted.

I've seen the Provider.stash_redirect_state and its usage in SAMLProvider.redirect, but as I understand it, this cannot extended e.g. via the adapter. I guess using a custom provider would work, but that seems quite extensive for storing a single attribute.

I greatly appreciate your help.

[pennersr]

I am wondering why you are opting for creating dormant accounts at invitation time. It for example prohibits the use case where an already existing user would want to accept an invitation. In any case, I assume you have some view serving /invitation/accept?id=123. There, you could stash the ID in the session. Then, you could provide a pre_social_login(self, request, sociallogin) adapter method, where you would recover the ID from the session, lookup the dormant user, and set sociallogin.user = dormant_user.

[alexanderjulmer]

Thank you. That worked.

We use the dormant accounts because invited users can receive quite some object permissions before they accept their invitation – think about students being added to multiple classes at the beginning of the semester before they even know their university email addresses. As for accepting invitations by existing users, we've added some logic to merge the permissions of an existing and a dormant account.