Hello, Can anyone help me how to get the user email id of the user in Rancher dashboard, when someone login rancher server with either GitHub, google, or another Identity service provider account

For some of them that will be the loginName, for others it's either not captured or not available (e.g. GitHub has a separate OAuth scope to get permission to see the email and Rancher doesn't ask for it since it has no need)

Hi @full-painter-23916, thanks for the reply, I am looking for a way to capture the email, if there a way I can modify to code to ask for the email id, can you guide me on which file to modify in the codebase, to ask for the email id, I know to build the code and run the code in dev mode.It is important for me to know more about the user and display the same in the dashboard.

The requested scope for e.g. github is in https://github.com/rancher/dashboard/blob/master/shell/store/auth.js#L12 , but there is no mechanism in the backend to capture the email now that it's available, or an extra field in the identities type to store it/a way for the UI to get it later. And I think at least one of the providers all there is is a UUID to identify the account and a display name. But don't remember which (and I don't work on rancher or for suse anymore)

Hi @full-painter-23916, thanks for the previous answer, can you please guide me if you can, what’s the way I can get the email IDs of the users logged in using GitHub google or other authentication providers?

I (still) don't work here anymore. This is their forum, if they want to reply they will. • If you're a customer, you can ask your rep about adding this. But realistically TBH, they will either say no outright or it will never get prioritized into a release: ◦ It's not a small change ◦ Rancher/SUSE has no use for the information ◦ Most/all users have no use for it either ◦ For some providers it requires adding friction by asking the user for extra permissions ◦ It's PII, so country-specific compliance headache implications • If you have/are a programmer, what I said before is roughly what you need on what to go do: ◦ Add a field in the principal and/or user type definition to hold it ◦ For each auth provider you want to support: ▪︎ Request extra permissions in the UI or backend to make it available, if needed. They're mostly all different. And in some of them there isn't even the concept of an email. I linked to exactly to where this is for GitHub above. ▪︎ Figure out how to get the email out of their API responses and/or make extra API calls to fetch it. ▪︎ Do that on login and/or identity fetch in the provider ▪︎ (Though not really exposed much today, users can have multiple identities, which might be tied to unrelated emails, so it should really go on the identity, not the actual top-level user) ◦ Package all that up into your own release and run that ◦ Maintain a patch and release process to do this forever as new versions are shipped • If you aren't and don't have a programmer, then your answer is email addresses are not captured. The information you want does not exist in Rancher, full stop.

Thank you for the response, I am a programmer, and I can understand what you wrote here, my question is just changing frontend may not work, I believe we need to change the Database related code as well, after receiving info from the authentication provider, we need to save it in the DB, right, so do we need to change anything to the Server side code as well? Also, we may need to change the Server API, right?

I laid out all the basic steps required to accomplish what you want, which explicitly already answered all of that, and linked to the exact place to do most of it. Nobody is going to give you more of a step-by-step guide than you've already gotten while you're demonstrating zero effort at even reading what you've been given and clicking blue words.

Thanks for the update and information, well FYI, I have read the whole Rancher documentation, not just the frontend, and Implemented much more than what you have given here, I am not asking for a step-by-step procedure, I just said the problems I faced, if you can’t help that’s ok, but there is no reason to sound frustrated and accusing me of not trying. Thanks again and good luck.