[wp-meta] [Making WordPress.org] #8057: Slack email stuck with pre-sso address

Making WordPress.org noreply at wordpress.org
Wed Aug 13 02:29:44 UTC 2025 

#8057: Slack email stuck with pre-sso address
------------------------------------------------+--------------------
 Reporter:  dd32                                |      Owner:  (none)
     Type:  defect (bug)                        |     Status:  new
 Priority:  high                                |  Milestone:
Component:  Communication (Matrix, Slack, IRC)  |   Keywords:
------------------------------------------------+--------------------
 When we enabled Slack SSO with WordPress.org, we re-used the users
 specified email address rather than forcing all accounts back to
 `@chat.wordpress.org`.

 At the time, I was under the impression that users could change their
 email if needed still. It appears I was either wrong, or this requires
 more work to achieve.

 We should update our Slack SSO code that upon login, changes a users slack
 email address to the `USERNAME at chat.wordpress.org` if they're using an
 email such as `NAME at old-company-i-no-longer-work-at.com` (Perhaps only if
 it doesn't match their w.org profile?)

 The Slack SAML specs note that there are two required params:
 https://slack.com/intl/en-au/help/articles/205168057-Custom-SAML-single-
 sign-
 on#:~:text=or%20something%20similar.-,Settings%20to%20include,-NameID%20(Required)
 > NameID (Required)
 > Your Unique Identifier
 > Note: To meet SAML specifications, the NameID must be unique, pseudo-
 random, and will not change for the user over time – like an employee ID
 number.
 >
 > Email attribute (required)
 > testuser at youremail.com

 I think if we pass the same NameID with a new email address, it'll update
 the linked email address.
 If the user hasn't logged in with SSO before though, the user profile will
 be matched based on the Email, so for users that haven't SSO'd before
 they'd need to have their old email specified during the initial login.

 Perhaps incorrectly, we're using `user_login` as the `NameID` parameter at
 present, rather than a psuedorandom identifier, This may mean that moving
 Slack accounts between WordPress.org accounts is more problematic than it
 needed to be.

 The implementation should be reviewed to properly allow for such changes.

-- 
Ticket URL: <https://meta.trac.wordpress.org/ticket/8057>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org

More information about the wp-meta mailing list