Social auth OpenID Backend doesn't bind to existing Netbox accounts

[Faabvk]

Hi,

I've recently tried to set up a remote authentication backend in the form of KeyCloak Open ID Connect.

REMOTE_AUTH_ENABLED = True
REMOTE_AUTH_BACKEND = 'social_core.backends.open_id_connect.OpenIdConnectAuth'
REMOTE_AUTH_AUTO_CREATE_USER = False
REMOTE_AUTH_DEFAULT_GROUPS = []
REMOTE_AUTH_DEFAULT_PERMISSIONS = {}
SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = 'https://xxxx.xxxxx.xxxx/realms/xxxxx/'

I've verified that Keycloak sends the right data back to Netbox using an OpenID Debugger, however, when authenticating, instead of binding the remote authentication to an existing Netbox account, that has the same username as the username that Keycloak provides, it creates a new account, even when AUTO_CREATE_USER is set to False like my settings above.

The created account's username looks something like <username><random hex junk>, example: fabian87af876d6

When I then manually change the user_id of the entry in social_auth_usersocialauth table in the database, and log in again, it does use the right account, but before then it just creates a brand new bogus account.

Before trying out OpenID Connect, I used SAML, and that would properly bind to existing accounts with no issue. I've also tried deleting the SAML association before logging in with OpenID, figuring it might clash when there is already an existing association with a remote authentication backend, but that didn't help either.

Is this intended behavior? Is this a bug? Should I direct this question to python-social-auth instead?
Eager to hear.

[xTerm1nus]

Having the same issue

[Faabvk]

Found a possible solution to this, apparently I haven't searched well enough for other threads about the same issue

python-social-auth/social-core#709 (comment)