Users API returns the wrong identity

Let's assume we have a domain (say example.com) that has two ALMs (GitHub and Bitbucket). Both of the ALMs have their own Bitbucket organization (say example-github and example-bitbucket).

We are using the users API to automatically add and remove users.

Problem: the users API returns only the last logged-in identity of the user. Expected: the API should return both ALM identities of the user.

Example:
Assume that Alice (email: alice@example.com) last logged in using the Bitbucket identity. Now, the API call:

GET 'https://api.sonarcloud.io/users/users?email=alice@example.com'

will return:

{'users': [{'id': '12345678-1234-1234-1234-1234567890af',
   'login': 'alice@bitbucket', 'name': 'Alice',
   'email': 'alice@example.com', 'externalProvider': 'bitbucket',
   'avatar': '1234567890abcdef1234567890abcdef'}],
   'page': {'pageIndex': 1, 'pageSize': 50, 'total': 1}
}

However, if the user has logged in using the GitHub identity, then the same API call will return:

{'users': [{'id': '87654321-4321-4321-4321-fa0987654321',
   'login': 'alice@github',
   'name': 'Alice',
   'email': 'alice@example.com',
   'externalProvider': 'github',
   'avatar': 'fedcba0987654321fedcba0987654321'}],
 'page': {'pageIndex': 1, 'pageSize': 50, 'total': 1}}

This makes it impossible to build a reliable identity mapping automatically.
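An added example, not part of the original post and not SonarCloud code: because each lookup by email returns only the identity that logged in last, a provisioning script can keep its own ledger of every identity it has seen per email, flag a switch, and use all known ids when removing a user. The `IdentityLedger` class and its method names are hypothetical, and the two responses are constructed from the samples shown above.

```python
from dataclasses import dataclass, field

# Constructed sample responses, shaped like the two outputs shown in the post.
BITBUCKET_RESPONSE = {
    "users": [{"id": "12345678-1234-1234-1234-1234567890af",
               "login": "alice@bitbucket", "name": "Alice",
               "email": "alice@example.com", "externalProvider": "bitbucket"}],
    "page": {"pageIndex": 1, "pageSize": 50, "total": 1},
}
GITHUB_RESPONSE = {
    "users": [{"id": "87654321-4321-4321-4321-fa0987654321",
               "login": "alice@github", "name": "Alice",
               "email": "alice@example.com", "externalProvider": "github"}],
    "page": {"pageIndex": 1, "pageSize": 50, "total": 1},
}


@dataclass
class IdentityLedger:
    """Hypothetical local store: remembers every identity returned per email."""
    seen: dict = field(default_factory=dict)  # email -> {provider: (id, login)}
    last: dict = field(default_factory=dict)  # email -> provider returned last

    def observe(self, response):
        """Record one response; return emails whose returned identity switched."""
        switched = []
        for user in response.get("users", []):
            email = user["email"].lower()
            provider = user["externalProvider"]
            self.seen.setdefault(email, {})[provider] = (user["id"], user["login"])
            # A different provider than last time means the user logged in
            # with their other ALM identity since the previous poll.
            if self.last.get(email) not in (None, provider):
                switched.append(email)
            self.last[email] = provider
        return switched

    def ids_for(self, email):
        """Every user id seen for this email, e.g. to remove all of them."""
        return sorted(uid for uid, _ in self.seen.get(email.lower(), {}).values())


if __name__ == "__main__":
    ledger = IdentityLedger()
    ledger.observe(BITBUCKET_RESPONSE)
    print("switched:", ledger.observe(GITHUB_RESPONSE))
    print("known ids:", ledger.ids_for("alice@example.com"))
```

The ledger only knows identities that were returned at some poll, so an identity the user never logged in with while the script was running stays invisible to it.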

Hey @jil

This is expected, and is explained to the user when they switch accounts.

You may benefit from the SAML SSO Security Accounts of SonarCloud’s Enterprise plan if reliable identity mapping is important to you.

All that said, I’ll make sure to pass your feedback along. Identity management with DevOps platforms is certainly unintuitive.

Hi Colin,

Not really the answer I wanted to hear, but thank you anyway.

Btw, you may want to add some warnings in this thread about this behaviour:

as it is quite evident that there are quite a few more side effects of changing the ALM than Christophe_Havard suggests.