Unable to access user data after restoring from backup

[Fred-06]

Description
Environment

oCIS version: latest (Docker image owncloud/ocis:latest)
Deployment: Docker Compose
External IDP: Pocket ID (OIDC)
Backup tool: Duplicati 2.2.0.0 (S3 Storage -> iDriveE2)
OS: Debian

Problem Description
After restoring oCIS data from S3 backup to a new server, users can authenticate successfully via external OIDC provider (Pocket ID) but see 0 bytes / empty drives in oCIS Web interface.
Root Cause
UUID mismatch between external IDP and oCIS storage:

Before backup (old server):

User user@example.com had UUID 70a56c79-5793-4d08-baf4-a209e29a58af in oCIS
Files stored under /var/lib/ocis/storage/users/spaces/70/a56c79.../
.mpk file: 70a56c79-5793-4d08-baf4-a209e29a58af.mpk

After restore (new server):

External IDP (Pocket ID) was also restored from backup
User user@example.com has UUID aa44c34b-48f6-490a-a66a-b59cf6e314da in Pocket ID database
oCIS receives this UUID via OIDC but cannot find corresponding .mpk file
oCIS creates new empty user with UUID aa44c34b-... instead of using existing data

Steps to Reproduce

Set up oCIS with external OIDC provider (Pocket ID)
Create users and upload files
Backup both oCIS data directory AND external IDP database
Restore both on a new server
Attempt to login → User authenticates but sees no files

Expected Behavior
oCIS should recognize restored users and their existing data after backup/restore cycle.
Actual Behavior

Authentication succeeds via OIDC
oCIS receives UUID from external IDP
oCIS cannot find .mpk file for this UUID
User sees empty drive (0 bytes)
Files exist physically in storage but are "orphaned"

Logs
2025-11-09T18:48:01Z INF user idp:"https://pid.connect-17.ch" opaque_id:"aa44c34b-48f6-490a-a66a-b59cf6e314da" type:USER_TYPE_PRIMARY authenticated
2025-11-09T18:48:01Z INF calling get drives query={"$filter":["driveType eq project"],"$orderby":["name asc"]}
2025-11-09T18:48:01Z INF access-log bytes=13 status=200
Response bytes=13 indicates empty result [].
Configuration (relevant parts)
yamlenvironment:
OCIS_URL: https://ocis.example.com
OCIS_OIDC_ISSUER: https://idp.example.com
OCIS_EXCLUDE_RUN_SERVICES: idp
PROXY_AUTOPROVISION_ACCOUNTS: true
PROXY_ROLE_ASSIGNMENT_DRIVER: oidc
PROXY_OIDC_ISSUER: https://idp.example.com
PROXY_USER_OIDC_CLAIM: email
PROXY_USER_CS3_CLAIM: mail

To summarize, I can log in, but the link no longer seems to work. My data is there, but it is not visible to the main user.

Many thank's !

[jvillafanez]

oCIS uses the user UUID to uniquely identify the user. Different UUID implies different user, it doesn't matter that the rest of the user attributes are the same.

It seems to me this is a problem with your IDP. I don't know why they would return a different UUID for the user. You might want to check with them. If it isn't a bug on their side, you should use a different field for the UUID to ensure it's immutable.