feat: Add auth.disableUsernameChanges option to site config
Created by: KattMingMing
Allows site admins to specify whether or not users are able to change their username after account creation. This is especially useful in the cases where usernames are provided by SSO auth providers.
This PR is also related to: https://github.com/sourcegraph/sourcegraph/pull/2230.
Primary use case: Synchronizing user information from Okta to Sourcegraph when provisioning and deprovisioning user accounts.
- Provisioning:
- Okta will automatically assign the usernames during a provisioning job so that all usernames match across applications. Immutable usernames ensures that this remains consistent.
- Deprovisioning
- Use case: Automatically delete a user from Sourcegraph when removing a user from Okta.
- Prior to https://github.com/sourcegraph/sourcegraph/pull/2230, querying a user was done via username. Mutable usernames make this unreliable, but since usernames are assigned by the SSO provider making them immutable is one fix to ensure consistency.
- Related PR (https://github.com/sourcegraph/sourcegraph/pull/2230) updates
Query.userto allow site-admins to query a user by email address or username. - Querying by email address would be the preferred way to delete users in this example.
- Related PR (https://github.com/sourcegraph/sourcegraph/pull/2230) updates