Describe the bug
After integrating drf-social-oauth2, a user was able to sign up with their Google account using both @googlemail.com and @gmail.com email addresses. This resulted in two separate user accounts being created in the Django database for what should be a single user.
To Reproduce
Steps to reproduce the behavior:
1. Go to the application's sign-up page
2. Click on 'Sign up with Google'
3. Sign in with a Google account using the @googlemail.com domain
4. Log out and repeat steps 1-2
5. Sign in with the same Google account using the @gmail.com domain
6. Check the Django admin panel or user database
Expected behavior
The system should recognize @googlemail.com and @gmail.com as equivalent domains for Google accounts and create only one user account in the Django database, regardless of which domain is used during sign-up.
Desktop (please complete the following information):
OS: [Not specified, please fill in if relevant]
Browser: [Not specified, please fill in if relevant]
Version: [Not specified, please fill in if relevant]
Smartphone (please complete the following information):
Device: [Not applicable for this issue]
OS: [Not applicable for this issue]
Browser: [Not applicable for this issue]
Version: [Not applicable for this issue]
Additional context
This issue is related to the handling of Google account email domains during the OAuth2 authentication process. It appears that the current implementation is not accounting for the fact that @googlemail.com and @gmail.com are treated as equivalent by Google but are being seen as distinct by our application. This could lead to problems with user account management and potential security issues if not addressed.
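One way to collapse the two domains before account lookup, shown as an added example that is not part of the original issue and is not drf-social-oauth2 code. `canonical_email`, `GOOGLE_ALIASES` and the in-memory `UserStore` are hypothetical names standing in for the real user table, and the sign-in addresses are constructed.

```python
"""Added example: canonicalise Google consumer e-mail domains before lookup."""

# The two domains the issue reports as equivalent for one Google account.
GOOGLE_ALIASES = {"googlemail.com": "gmail.com"}


def canonical_email(email: str) -> str:
    """Return a lookup key in which @googlemail.com and @gmail.com collapse."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {email!r}")
    domain = domain.lower()  # DNS names are case-insensitive
    domain = GOOGLE_ALIASES.get(domain, domain)
    if domain == "gmail.com":
        # Assumption: Gmail does not distinguish case in the local part.
        local = local.lower()
    return f"{local}@{domain}"


class UserStore:
    """In-memory stand-in for the user table (hypothetical, not Django's ORM)."""

    def __init__(self):
        self._by_key = {}

    def get_or_create(self, email):
        """Look the account up by canonical e-mail; create it only if absent."""
        key = canonical_email(email)
        created = key not in self._by_key
        if created:
            self._by_key[key] = {"id": len(self._by_key) + 1, "email": key}
        return self._by_key[key], created

    def count(self):
        return len(self._by_key)


def demo():
    """Replay the sign-ins from the reproduction steps (constructed addresses)."""
    store = UserStore()
    first, c1 = store.get_or_create("alice@googlemail.com")
    second, c2 = store.get_or_create("Alice@GMAIL.com")
    other, c3 = store.get_or_create("alice@example.org")
    return first["id"], second["id"], other["id"], (c1, c2, c3), store.count()


if __name__ == "__main__":
    print(demo())
```

Keying accounts on the identity provider's stable user identifier rather than on the e-mail address avoids the alias problem without any domain list.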