Skip to content

[BUG] OIDC still allows Local Auth #1004

New issue
New issue
Open
Open
[BUG] OIDC still allows Local Auth#1004
Labels
bugSomething isn't working
@difi80211g

Description

@difi80211g
difi80211g
opened on Jan 6, 2026

Describe the bug
I setup authentication with OIDC and did not set IRIS_AUTHENTICATION_LOCAL_FALLBACK=True. However when once a User was created and allowed to login with OIDC, they were still able to login with a local password. Having a backup password when the user is created sholdn't allow that user to login with a local password when OIDC is enabled.

To Reproduce
Steps to reproduce the behavior:

  1. Enable OIDC
  2. Create the local user
  3. Login with OIDC
  4. Login with local password

Expected behavior
If IRIS_AUTHENTICATION_LOCAL_FALLBACK=True is not set, you should not be able to login with local accounts at all when IRIS_AUTHENTICATION_TYPE=oidc

Additional context
Currently running 2.4.24

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions