From f077d133ac46d76624d1ca235432d981a5e5d874 Mon Sep 17 00:00:00 2001
From: Nancy <9d.24.nancy.sangani@gmail.com>
Date: Fri, 13 Mar 2026 20:46:46 +0530
Subject: [PATCH] fix: create email identity when OAuth-only user sets a
 password

---
 internal/api/user.go | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/internal/api/user.go b/internal/api/user.go
index 0fc2a1b5e..87d790fbc 100644
--- a/internal/api/user.go
+++ b/internal/api/user.go
@@ -225,6 +225,27 @@ func (a *API) UserUpdate(w http.ResponseWriter, r *http.Request) error {
 				return terr
 			}
 
+			if user.GetEmail() != "" {
+				if _, terr = models.FindIdentityByIdAndProvider(tx, user.ID.String(), "email"); terr != nil {
+					if !models.IsNotFoundError(terr) {
+						return apierrors.NewInternalServerError("Error finding email identity").WithInternalError(terr)
+					}
+					emailIdentity, terr := models.NewIdentity(user, "email", map[string]interface{}{
+						"sub":   user.ID.String(),
+						"email": user.GetEmail(),
+					})
+					if terr != nil {
+						return apierrors.NewInternalServerError("Error creating email identity").WithInternalError(terr)
+					}
+					if terr := tx.Create(emailIdentity); terr != nil {
+						return apierrors.NewInternalServerError("Error saving email identity").WithInternalError(terr)
+					}
+					if terr := user.UpdateAppMetaDataProviders(tx); terr != nil {
+						return apierrors.NewInternalServerError("Error updating providers").WithInternalError(terr)
+					}
+				}
+			}
+
 			// send a Password Changed email notification to the user to inform them that their password has been changed
 			if config.Mailer.Notifications.PasswordChangedEnabled && user.GetEmail() != "" {
 				if err := a.sendPasswordChangedNotification(r, tx, user); err != nil {