[GH-ISSUE #184] Documentation error for migrating existing accounts to OIDC is missing details. #38

Closed
opened 2026-03-02 16:47:13 +03:00 by kerem · 1 comment

Originally created by @XtremeOwnageDotCom on GitHub (Jul 12, 2024).
Original GitHub issue: https://github.com/photoprism/photoprism-docs/issues/184

Problem Summary

The new documentation does not indicate how users without photoprism plus can migrate their existing accounts to OIDC.

Solution / Details / Testing

Documentation for migrating OIDC users: https://docs.photoprism.app/getting-started/advanced/openid-connect/#existing-accounts


The issue with this documentation is that it references using Settings/Users (https://docs.photoprism.app/user-guide/users/), which is a feature of photoprism plus.

The documentation also does not list other alternatives or workarounds for managing this issue.

The assumption, though, is that you should be able to perform these commands via the command line interface (https://docs.photoprism.app/user-guide/users/cli/).

(NOTE- none of the below credentials, tokens, etc are valid. Performed on a temporary instance of photoprism for testing and validation... Don't get too excited.)

So, starting with photoprism users show

```bash
root@240711:/photoprism$ photoprism users show akadmin
DEBU[2024-07-12T01:27:32Z] config: overriding config with values from /storage/storage/config/options.yml
DEBU[2024-07-12T01:27:32Z] config: running on 'QEMU Virtual CPU version 2.5+', 8.3 GB memory detected
DEBU[2024-07-12T01:27:32Z] settings: loaded from /storage/storage/config/settings.yml
DEBU[2024-07-12T01:27:32Z] vips: max cache size is 64 MB, using up to 1 worker
INFO[2024-07-12T01:27:32Z] Become a member today, support our mission and enjoy our member benefits! 💎
INFO[2024-07-12T01:27:32Z] Visit https://www.photoprism.app/membership to learn more.
DEBU[2024-07-12T01:27:32Z] config: successfully initialized [30.781342ms]

|---------------|--------------------------------------------------------------------|
|     Name      |                               Value                                |
|---------------|--------------------------------------------------------------------|
| AuthID        | "54b251266174b26e6e8c0919b4dc17be387c95a2605124200dbe9cf4a4f494a1" |
| AuthIssuer    | "https://auth.kube.xtremeownage.com/application/o/photoprism/"     |
| AuthMethod    | ""                                                                 |
| AuthProvider  | "oidc"                                                             |
| BackupEmail   | ""                                                                 |
| BasePath      | ""                                                                 |
| BornAt        | <nil>                                                              |
| CanInvite     | false                                                              |
| CanLogin      | true                                                               |
| ConsentAt     | <nil>                                                              |
| DeletedAt     | <nil>                                                              |
| DisplayName   | "authentik Default Admin"                                          |
| DownloadToken | "9u47u0b3"                                                         |
| ExpiresAt     | <nil>                                                              |
| InviteToken   | ""                                                                 |
| InvitedBy     | ""                                                                 |
| LoginAt       | time.Date(2024, time.July, 12,                                     |
|               | 1, 21, 24, 0, time.UTC)                                            |
| PreviewToken  | "9x32vidk"                                                         |
| RefID         | "userqwt4rp60"                                                     |
| ResetToken    | ""                                                                 |
| SuperAdmin    | false                                                              |
| Thumb         | ""                                                                 |
| ThumbSrc      | ""                                                                 |
| UUID          | ""                                                                 |
| UploadPath    | ""                                                                 |
| UserAttr      | ""                                                                 |
| UserDetails   | &entity.UserDetails{UserUID:"usghl3o9wzi5dhhs",                    |
|               | SubjUID:"", SubjSrc:"", PlaceID:"zz",                              |
|               | PlaceSrc:"", CellID:"zz", BirthYear:0,                             |
|               | BirthMonth:0, BirthDay:0, NameTitle:"",                            |
|               | GivenName:"authentik", MiddleName:"",                              |
|               | FamilyName:"Default Admin", NameSuffix:"",                         |
|               | NickName:"akadmin", NameSrc:"oidc",                                |
|               | UserGender:"", UserAbout:"", UserBio:"",                           |
|               | UserLocation:"", UserCountry:"", UserPhone:"",                     |
|               | SiteURL:"", ProfileURL:"", FeedURL:"",                             |
|               | AvatarURL:"", OrgTitle:"", OrgName:"",                             |
|               | OrgEmail:"", OrgPhone:"", OrgURL:"", IdURL:"",                     |
|               | CreatedAt:time.Date(2024, time.July, 12, 1,                        |
|               | 21, 24, 0, time.UTC), UpdatedAt:time.Date(2024,                    |
|               | time.July, 12, 1, 21, 24, 0, time.UTC)}                            |
| UserEmail     | "admin@xtremeownage.com"                                           |
| UserName      | "akadmin"                                                          |
| UserRole      | "guest"                                                            |
| UserSettings  | &entity.UserSettings{UserUID:"usghl3o9wzi5dhhs",                   |
|               | UITheme:"", UILanguage:"", UITimeZone:"",                          |
|               | MapsStyle:"", MapsAnimate:0, IndexPath:"",                         |
|               | IndexRescan:0, ImportPath:"", ImportMove:0,                        |
|               | DownloadOriginals:0, DownloadMediaRaw:0,                           |
|               | DownloadMediaSidecar:0, UploadPath:"",                             |
|               | DefaultPage:"", CreatedAt:time.Date(2024,                          |
|               | time.July, 12, 1, 21, 24, 0, time.UTC),                            |
|               | UpdatedAt:time.Date(2024, time.July, 12, 1, 21,                    |
|               | 24, 0, time.UTC)}                                                  |
| UserUID       | "usghl3o9wzi5dhhs"                                                 |
| VerifiedAt    | time.Date(2024, time.July, 12,                                     |
|               | 1, 21, 24, 0, time.UTC)                                            |
| VerifyToken   | ""                                                                 |
| WebDAV        | true                                                               |
|---------------|--------------------------------------------------------------------|

DEBU[2024-07-12T01:27:32Z] closed database connection
root@240711:/photoprism$
```

We can see an auth id, which seems like it would likely refer to the subject mentioned in the GUI interface.

So, running photoprism users mod to set the auth-id, and method...

```bash
root@240711:/photoprism$ photoprism users mod --auth-id 54b251266174b26e6e8c0919b4dc17be387c95a2605124200dbe9cf4a4f494a1 --auth oidc admin
DEBU[2024-07-12T01:30:59Z] config: overriding config with values from /storage/storage/config/options.yml
DEBU[2024-07-12T01:30:59Z] config: running on 'QEMU Virtual CPU version 2.5+', 8.3 GB memory detected
DEBU[2024-07-12T01:30:59Z] settings: loaded from /storage/storage/config/settings.yml
DEBU[2024-07-12T01:30:59Z] vips: max cache size is 64 MB, using up to 1 worker
INFO[2024-07-12T01:30:59Z] Become a member today, support our mission and enjoy our member benefits! 💎
INFO[2024-07-12T01:30:59Z] Visit https://www.photoprism.app/membership to learn more.
DEBU[2024-07-12T01:30:59Z] config: successfully initialized [35.105495ms]
DEBU[2024-07-12T01:30:59Z] migrate: running database migrations
...
DEBU[2024-07-12T01:31:00Z] migrate: completed in 41.103415ms
INFO[2024-07-12T01:31:00Z] user 'admin' has been updated
DEBU[2024-07-12T01:31:00Z] closed database connection
```

Then deleting the "new" oidc user via both CLI AND database (see #4394)...

This then allows you to properly migrate an existing account over to OIDC.

(note- default, initial username of "admin")


Summarized version - How to migrate existing account to OIDC without photoprism plus.

  1. Log in via OIDC to create a new account.
  2. photoprism users ls (Take note of new username.)
  3. photoprism users show new_username (Copy AuthID value.)
  4. photoprism users rm new_username (Delete "new" user. It's not needed.)
  5. photoprism users mod --auth-id YOUR_COPIED_AUTHID --auth oidc your_old_username (Update old username with copied OIDC details.)
  6. Log in via OIDC, and you will be in your old profile.

Reverting changes, and removing OIDC.

  1. Log out.
  2. via CLI: photoprism users mod --auth-id null --auth local your_username (Remove auth id, and remove oidc).
  3. Log back in via OIDC.

Note- you are now on a new profile, since you disabled OIDC on the old profile.


Related issue-

If you run into an "Invalid Credentials" error, you may need to manually remove your user from the auth_users table; See: https://github.com/photoprism/photoprism/issues/4394

As of the posting of this ticket, its related PR, and the ticket in the primary repo- it appears photoprism users rm does not remove the record from the auth table, which will prevent that OIDC user from being able to log in, or register until either you update the deleted user's auth_id, or just clear the entire row.
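
Steps 3 and 5 of the summarized procedure, scripted with a check before an external identity is bound to an existing account (an added example, not part of the original issue or of PhotoPrism): it parses the table layout shown in the `users show` output above and only prints the `users mod` command when the record is an OIDC account from the issuer you expect. The sample output, issuer URL, AuthID and the function names are constructed for this example, and restricting AuthID to letters, digits, `-` and `_` is an assumption.

```bash
#!/usr/bin/env bash
# Added example: read `photoprism users show` table output and build the
# step-5 `users mod` command only if the record is an OIDC account from the
# issuer you expect. It prints the command; it does not run photoprism.

# Constructed sample in the table layout shown earlier (values are made up).
SAMPLE_SHOW_OUTPUT='DEBU[2024-01-01T00:00:00Z] config: successfully initialized
|---------------|------------------------------------------|
|     Name      |                  Value                   |
|---------------|------------------------------------------|
| AuthID        | "0123456789abcdef0123456789abcdef"       |
| AuthIssuer    | "https://idp.example.test/o/photoprism/" |
| AuthProvider  | "oidc"                                   |
| UserName      | "newoidcuser"                            |
|---------------|------------------------------------------|'

# extract_field NAME: read the table on stdin, print NAME's value unquoted.
extract_field() {
  awk -F'|' -v name="$1" '
    { key = $2; gsub(/^[ \t]+|[ \t]+$/, "", key) }
    key == name {
      val = $3
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      gsub(/^"|"$/, "", val)
      print val
      exit
    }'
}

# plan_link SHOW_OUTPUT EXPECTED_ISSUER OLD_USERNAME
# Prints the `users mod` command, or returns 1 with a reason on stderr.
plan_link() {
  pl_id=$(printf '%s\n' "$1" | extract_field AuthID)
  pl_provider=$(printf '%s\n' "$1" | extract_field AuthProvider)
  pl_issuer=$(printf '%s\n' "$1" | extract_field AuthIssuer)

  if [ "$pl_provider" != "oidc" ]; then
    echo "refusing: AuthProvider is '$pl_provider', not 'oidc'" >&2; return 1
  fi
  if [ "$pl_issuer" != "$2" ]; then
    echo "refusing: AuthIssuer '$pl_issuer' is not the expected issuer" >&2; return 1
  fi
  # Assumption: AuthID is a plain token (letters, digits, - and _), as in the
  # output above; anything else is rejected rather than placed on a command line.
  case "$pl_id" in
    ''|*[!A-Za-z0-9_-]*) echo "refusing: AuthID empty or unexpected" >&2; return 1 ;;
  esac
  printf 'photoprism users mod --auth-id %s --auth oidc %s\n' "$pl_id" "$3"
}

plan_link "$SAMPLE_SHOW_OUTPUT" "https://idp.example.test/o/photoprism/" admin
```

On a real instance, pass the captured output of `photoprism users show new_username` as the first argument and review the printed command before running it.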

kerem closed this issue 2026-03-02 16:47:13 +03:00

@XtremeOwnageDotCom commented on GitHub (Jul 12, 2024):

@lastzero I did have an issue over in the docs repo- for updating the docs!

Since- the commits are in, I'll go ahead and close this one, along with the PR.

Closed #184, resolved by these commits:

* https://github.com/photoprism/photoprism-docs/commit/d9d73e02dbe980d1ec78fe1a8d0060a07f3f5bf3
* https://github.com/photoprism/photoprism-docs/commit/9d3f66c816915b52d2635068d440610c462ded2c
* https://github.com/photoprism/photoprism-docs/commit/aae71aef3b3bcc334d86538f05cec894c25a1232
* https://github.com/photoprism/photoprism-docs/commit/43c05d0be0907be82dc351a47eb2ea79e9a738f9
* https://github.com/photoprism/photoprism-docs/commit/5199a985754574988062d5a7e102653b83530b65