[Backport] fix: only auto-submit SSO registration form when provider returns an email#38887
Conversation
…email When a third-party auth provider has "skip registration form" enabled, the authn MFE context set autoSubmitRegForm=True unconditionally. Providers such as Facebook (email permission denied) or Microsoft Entra ID can complete authentication without returning an email claim; auto-submitting the registration form in that case silently fails client-side validation and leaves the learner stuck on a partially-filled form with no explanation. Gate the auto-submit on the provider actually returning an email so the learner falls back to the normal registration form and can fill in what is missing. Fixes: openedx#38780
|
Thanks for the pull request, @ayesha-waris! This repository is currently maintained by Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review. 🔘 Get product approvalIf you haven't already, check this list to see if your contribution needs to go through the product review process.
🔘 Provide contextTo help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:
🔘 Get a green buildIf one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green. DetailsWhere can I find more information?If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources: When can I expect my changes to be merged?Our goal is to get community contributions seen and reviewed as efficiently as possible. However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:
💡 As a result it may take up to several weeks or months to complete a review and merge your PR. |
Backport of #38860 to the
release/verawoodbranch.Description
When a third-party auth provider has "skip registration form" enabled, the authn MFE context set
autoSubmitRegForm=Trueunconditionally. Providers such as Facebook (email permission denied) or Microsoft Entra ID can complete authentication without returning an email claim; auto-submitting the registration form in that case silently fails client-side validation and leaves the learner stuck on a partially-filled form with no explanation.This change gates the auto-submit on the provider actually returning an email so the learner falls back to the normal registration form and can fill in what is missing.
Backport details
773ead2b7cb6d0d5bb14ee450ac3876eadeb5fca