Description
reported by: Alec Sheperd
9:58 AM
Hi again, we seem to have hit a snag involving how user accounts are created. A user is now able to authenticate with our external keycloak; however, trying to use various parts of clowder2 seems to fail, for example:
https://clowder2-test.icecube.aq/api/v2/users/profile
XHRGET
https://clowder2-test.icecube.aq/api/v2/users/profile
[HTTP/2 404 60ms]
detail "User myusername not found"
Tracking it down, it seems like the issue is that get_user and get_current_username return the preferred_username from the userinfo token, and then comparisons are made that check that the email in the UserDB is the same as the returned username. This works if the preferred username is the email, but for various reasons, the preferred_username in our keycloak is a separate username from their email.
clowder2/backend/app/routers/users.py
Line 134 in a5bc432
username=Depends(get_current_username),
https://github.com/clowder-framework/clowder2/blob/a5bc432958c4e6b64d16c203304a9469dd9e4581/backend/app/keycloak_auth.py#L236C37-L236C37
It seems like the fix to this would be to either change get_user/get_current_username to return the email from the userinfo token, or create a separate username/userid in the UserDB that is preferred_username and continue to compare on that.
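Added example, not part of the original report and not Clowder's own code: a minimal sketch of the mismatch described above and the two fixes the reporter proposes. The `User` record, the function names and the claim values are hypothetical and constructed; the `email_verified` check in fix A is an extra assumption.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class User:  # hypothetical stand-in for a UserDB record
    email: str
    username: Optional[str] = None  # only populated under fix B

# Constructed userinfo claims: preferred_username differs from email.
USERINFO = {
    "preferred_username": "myusername",
    "email": "user@example.org",
    "email_verified": True,
}

class UserNotFound(LookupError):
    """Maps to the HTTP 404 seen in the report."""

def _find(users, field, value):
    for user in users:
        if value is not None and getattr(user, field) == value:
            return user
    raise UserNotFound(f"User {value} not found")

def lookup_reported(users, claims):
    # Behaviour described in the issue: preferred_username vs stored email.
    return _find(users, "email", claims.get("preferred_username"))

def lookup_by_email(users, claims):
    # Fix A: compare the token's email claim to the stored email.
    # Assumption added here: only trust an email the IdP marks verified.
    if not claims.get("email_verified"):
        raise UserNotFound("email claim is missing or unverified")
    return _find(users, "email", claims.get("email"))

def lookup_by_username(users, claims):
    # Fix B: store preferred_username separately and compare on that.
    return _find(users, "username", claims.get("preferred_username"))
```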