From e607667b26d15410b005f8e5d2ee3722f351d7ef Mon Sep 17 00:00:00 2001
From: Josh Waldrep <joshua.waldrep5+github@gmail.com>
Date: Sat, 3 Jan 2026 23:24:56 -0500
Subject: [PATCH] Added fallback to use the first identity when session login
 provider is unavailable.

---
 app/controllers/sessions_controller.rb | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 51b125fe2..2d9007668 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -71,8 +71,12 @@ class SessionsController < ApplicationController
     id_token = session[:id_token_hint]
     login_provider = session[:sso_login_provider]
 
-    # Find the identity for the provider used during login (not arbitrary .first)
-    oidc_identity = login_provider.present? ? user.oidc_identities.find_by(provider: login_provider) : nil
+    # Find the identity for the provider used during login, with fallback to first if session data lost
+    oidc_identity = if login_provider.present?
+      user.oidc_identities.find_by(provider: login_provider)
+    else
+      user.oidc_identities.first
+    end
 
     # Destroy local session
     @session.destroy