Best way to programmatically create OIDC SSO customers on the pretix side? #3668
-
We have a web application in which interested users can sign up, and as a side effect the user will also get an account in pretix. Currently, we are accomplishing this by using the customer pretix API to create accounts with the same password, but I want to switch this setup to use the now-available OIDC based SSO for customers. I have an implementation of an OIDC provider ready, but now I’m facing an interesting detail question: how can I make my web application ensure a customer account exists on the pretix side and obtain its id? I need to store the customer ID because the web app is making orders on the customer’s behalf. When using the customer API, the ID will be auto-assigned and won’t match what the SSO implementation expects: pretix/src/pretix/presale/views/customer.py Lines 722 to 728 in 5c7858c I could generate matching IDs, but via the customer API I still can’t set the provider_id field. It would probably be a quick patch to make it work, but I’m not sure if you’d consider merging it? The other alternative I can think of is to trigger a login, but I’m not sure what the best API for that would be. Making HTTP requests to pretix’s user interface and parsing HTML for CSRF tokens doesn’t seem like an elegant or stable solution, but I’m not aware of a programmatic way to log into pretix. Am I missing something? What do you think would be the best solution for this problem? Thanks in advance |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
I think you are not missing something. So far, this was not a problem we intended to solve. With most OIDC integrations, accounts are created on first login, which has the lowest error potential, and for almost all use cases this works very well. You can even set memberships etc. through the API right during/after first login. Why do you need to create the pretix customer before they first log in? For API order creation? |
Beta Was this translation helpful? Give feedback.
I think you are not missing something. So far, this was not a problem we intended to solve.
With most OIDC integrations, accounts are created on first login, which has the lowest error potential, and for almost all use cases this works very well. You can even set memberships etc. through the API right during/after first login.
Why do you need to create the pretix customer before they first log in? For API order creation?