From 3daf1c8341ab40a580777246e742ff5019a483d2 Mon Sep 17 00:00:00 2001
From: Meier Lukas <meierschlumpf@gmail.com>
Date: Fri, 16 May 2025 20:57:51 +0200
Subject: [PATCH] feat(auth): add account linking for oidc providers (#3106)

Co-authored-by: Manuel <30572287+manuel-rw@users.noreply.github.com>
---
 packages/auth/env.ts                          | 1 +
 packages/auth/providers/oidc/oidc-provider.ts | 1 +
 2 files changed, 2 insertions(+)

diff --git a/packages/auth/env.ts b/packages/auth/env.ts
index e58aa9673..40878312f 100644
--- a/packages/auth/env.ts
+++ b/packages/auth/env.ts
@@ -40,6 +40,7 @@ export const env = createEnv({
           AUTH_OIDC_GROUPS_ATTRIBUTE: z.string().default("groups"), // Is used in the signIn event to assign the correct groups, key is from object of decoded id_token
           AUTH_OIDC_NAME_ATTRIBUTE_OVERWRITE: z.string().optional(),
           AUTH_OIDC_FORCE_USERINFO: createBooleanSchema(false),
+          AUTH_OIDC_ENABLE_DANGEROUS_ACCOUNT_LINKING: createBooleanSchema(false),
         }
       : {}),
     ...(authProviders.includes("ldap")
diff --git a/packages/auth/providers/oidc/oidc-provider.ts b/packages/auth/providers/oidc/oidc-provider.ts
index bd72f9359..72fe191e8 100644
--- a/packages/auth/providers/oidc/oidc-provider.ts
+++ b/packages/auth/providers/oidc/oidc-provider.ts
@@ -15,6 +15,7 @@ export const OidcProvider = (headers: ReadonlyHeaders | null): OIDCConfig<Profil
   clientId: env.AUTH_OIDC_CLIENT_ID,
   clientSecret: env.AUTH_OIDC_CLIENT_SECRET,
   issuer: env.AUTH_OIDC_ISSUER,
+  allowDangerousEmailAccountLinking: env.AUTH_OIDC_ENABLE_DANGEROUS_ACCOUNT_LINKING,
   authorization: {
     params: {
       scope: env.AUTH_OIDC_SCOPE_OVERWRITE,