oidc allow_existing_users fails for users created before 1.27

[Rafaeltheraven]

Description

All the users on my homeserver are using our self-hosted Keycloak instance with OIDC. These users were initially created manually in synapse and then ported over to user_external_ids using the method described in #7633. As a result, their auth_provider field was set to oidc.

Ever since 1.27, the ability for multiple oidc providers was added and with it the auth_provider value has changed for most instances (in my case it is now oidc-keycloak). The values in the database, however, haven't changed, which leads to the problem where users will try to login over oidc and get assigned a new user instead of the old user they were expecting.

This is (relatively) easily solved by going into the database and running UPDATE user_external_ids SET auth_provider = 'oidc-keycloak', but this isn't mentioned anywhere in the upgrade notes (and it would probably be nicer if this happened automatically somehow)

Steps to reproduce

• Have a homeserver with oidc users prior to 1.27
• Update to 1.27 and modify config accordingly
• Try logging in

Version information

• Homeserver: private

• Version: 1.28.0 (though logic dictates the issue started in 1.27.0)

• Install method: apt

• Platform: debian 10

[richvdh]

I think this is a duplicate of #9514, based on the same misunderstanding.

[Rafaeltheraven]

You are correct, it is, might be good to mention this in the upgrade steps (though it might be too late now)

[rtest12]

I have the same problem as #9514
I migrated to a new server, no upgrade, just latest version to latest.
Users1-2-3 began to be created
I changed the old value idp_id from

matrix_synapse_configuration_extension_yaml: |
  oidc_providers:
   - idp_id: keycloak
     idp_name: "keycloak"

For new

matrix_synapse_configuration_extension_yaml: |
  oidc_providers:
   - idp_id: oidc
     idp_name: "keycloak"

I restarted the entire installation, but nothing has changed, still when I log in I get "User1:example.com"
I don't understand what else I missed?

all conf

matrix_synapse_configuration_extension_yaml: |
 oidc_providers:
  - idp_id: oidc
    idp_name: "keycloak"
    issuer: "https://id.exam.com/auth/realms/myrealm"
    client_id: "synapse"
    client_secret: "mykey"
    allow_existing_users: true
    scopes: ["openid", "profile"]
    user_mapping_provider:
      config:
          localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
          display_name_template: "{% raw %}{{ user.name }}{% endraw %}"
          email_template: "{% raw %}{{ user.email }}{% endraw %}"