look users up by service and username instead of service_id since usernames have to be unique anyway w/ burnettk

keycloak/bin/add_test_users_to_keycloak

@@ -23,10 +23,14 @@ fi
 if [[ -z "${KEYCLOAK_BASE_URL:-}" ]]; then
   KEYCLOAK_BASE_URL=http://localhost:7002
 fi
+if [[ -z "${ADMIN_USERNAME:-}" ]]; then
+  ADMIN_USERNAME="admin"
+fi
+if [[ -z "${ADMIN_PASSWORD:-}" ]]; then
+  ADMIN_PASSWORD="admin"
+fi
 
 REALM_NAME="$keycloak_realm"
-ADMIN_USERNAME="admin"
-ADMIN_PASSWORD="admin"
 SECURE=false
 
 KEYCLOAK_URL=$KEYCLOAK_BASE_URL/realms/$REALM_NAME/protocol/openid-connect/token

src/spiffworkflow_backend/services/authorization_service.py

@@ -482,11 +482,6 @@ class AuthorizationService:
         """Profile, picture, website, gender, birthdate, zoneinfo, locale, and updated_at. """
         """Email."""
         is_new_user = False
-        user_model = (
-            UserModel.query.filter(UserModel.service == user_info["iss"])
-            .filter(UserModel.service_id == user_info["sub"])
-            .first()
-        )
         user_attributes = {}
 
         if "email" in user_info:
@@ -515,6 +510,13 @@ class AuthorizationService:
                     tenant_specific_field
                 ]
 
+        # example value for service: http://localhost:7002/realms/spiffworkflow (keycloak url)
+        user_model = (
+            UserModel.query.filter(UserModel.service == user_attributes["service"])
+            .filter(UserModel.username == user_attributes["username"])
+            .first()
+        )
+
         if user_model is None:
             current_app.logger.debug("create_user in login_return")
             is_new_user = True