OpenID from new browser doesn't work - Email address already exists

[lurendrejer]

Version

5.6.0

What happened?

Hi.

Had this happen one time before and just deleted the user.
But it seems to be a deeper problem - if i try to sign in from a incognito session or just any other browser than the one that is 'already signed in', 2fa just returns: "A user account with the same email address already exists but it does not match your external account ID."

I have attached the only 'error' from the log but i don't know if it is relevant.

Error & Logs

[2025-11-10 08:19:12] production.ERROR: No application encryption key has been specified. {"exception":"[object] (Illuminate\\Encryption\\MissingAppKeyException(code: 0)

Configuration

APP_KEY varible is configured and is 32 chars.
No response

Containerization

• Docker

Integration

No response

Additional information

No response

[lurendrejer]

Thnking back.
Another product required e-mail addresses to be 'verified' in keycloak - so the users did that.
That is more or less the only change in the environment i can think of.

[lurendrejer]

Solved... we changed from First.Last@domain.com to first.last@domain.com in our Active Directory configuration.
Logged in users works, new logins doesn't - had to change the uppercase letters to lowercase in the 2fauth -Database.

[Bubka]

Nice catch, will make the required changes to ensure that email addresses are compared case-insensitively 👍🏻

[lurendrejer]

I don't think the issue was with the e-mail per se, keycloak generates a userID F:1111-2222-3333:Firstname.Lastername@domain.com

It was the USERID that needed adjustments in the database. I did not adjust the e-mail address-row.

[Bubka]

Ok, so you are talking about the oauth_id column in the 2FAuth db. That property is indeed used to retrieve the user in the database. I did not notice that during my previous verification. Thx for the head up.